All modules
CMVP Validated Module · FIPS 140-3 Security Policy

Amazon Linux 2023 GnuTLS Cryptographic Module

Certificate#5015StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorAmazon Web Services, Inc.
Medium review priority  ·  exposes network crypto parser/protocol  ·  GnuTLS upstream has published 9 CVEs since this module's initial validation  ·  last validated 14 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date5/4/2030
CaveatWhen operated in approved mode and installed, initialized and configured as specified in Section 11 of the Security Policy.
VendorAmazon Web Services, Inc.

Approved Algorithms (84)

AlgorithmACVP Cert
AES-CBCA4537
AES-CCMA4537
AES-CFB8A4542
AES-CMACA4537
AES-GCMA4537
AES-GMACA4545
AES-XTS Testing Revision 2.0A4546
Counter DRBGA4545
ECDSA KeyGen (FIPS186-4)A4545
ECDSA KeyVer (FIPS186-4)A4545
ECDSA SigGen (FIPS186-4)A4545
ECDSA SigVer (FIPS186-4)A4545
HMAC-SHA-1A4540
HMAC-SHA2-224A4540
HMAC-SHA2-256A4540
HMAC-SHA2-384A4540
HMAC-SHA2-512A4540
KAS-ECC-SSC Sp800-56Ar3A4545
KAS-FFC-SSC Sp800-56Ar3A4545
KDA HKDF Sp800- 56Cr1A4544
KDF TLS (CVL)A4545
PBKDFA4545
RSA KeyGen (FIPS186-4)A4545
RSA SigGen (FIPS186-4)A4545
RSA SigVer (FIPS186-4)A4545
SHA-1A4540
SHA2-224A4540
SHA2-256A4540
SHA2-384A4540
SHA2-512A4540
SHA3-224A4541
SHA3-256A4541
SHA3-384A4541
SHA3-512A4541
TLS v1.2 KDF RFC7627 (CVL)A4545
AES-CBC (A4537)
AES-CFB8 (A4542)
AES-GCM (A4537)
AES-XTS Testing Revision 2.0 (A4546)
KAS-FFC-SSC Sp800-56Ar3 (A4545)
KAS-ECC-SSC Sp800-56Ar3 (A4545)
Counter DRBG (A4545)
ECDSA SigGen (FIPS186-4) (A4545)
ECDSA SigVer (FIPS186-4) (A4545)
RSA SigGen (FIPS186-4) (A4545)
RSA SigVer (FIPS186-4) (A4545)
KDA HKDF Sp800-56Cr1 (A4544)
KDF TLS (A4545)
PBKDF (A4545)
HMAC-SHA-1 (A4540)
HMAC-SHA2- 224 (A4540)
HMAC-SHA2- 256 (A4540)
HMAC-SHA2- 384 (A4540)
HMAC-SHA2- 512 (A4540)
SHA3-224 (A4541)
SHA3-256 (A4541)
SHA3-384 (A4541)
SHA3-512 (A4541)
ECDSA KeyGen (FIPS186-4) (A4545)
RSA KeyGen (FIPS186-4) (A4545)
AES-CBC (A4538)
AES-CBC (A4539)
AES-CBC (A4540)
AES-CBC (A4545)
AES-CBC (A4572)
AES-CFB8 (A4548)
AES-CFB8 (A4543)
AES-GCM (A4538)
AES-GCM (A4539)
AES-GCM (A4540)
AES-GCM (A4545)
AES-GCM (A4572)
HMAC-SHA-1 (A4545)
HMAC-SHA-1 (A4572)
HMAC-SHA2- 224 (A4545)
HMAC-SHA2- 224 (A4572)
HMAC-SHA2- 256 (A4545)
HMAC-SHA2- 256 (A4572)
HMAC-SHA2- 512 (A4545)
HMAC-SHA2- 512 (A4572)
SHA3-224 (A4547)
SHA3-256 (A4547)
SHA3-384 (A4547)
SHA3-512 (A4547)

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces3
Roles, Services, and Authentication4
Software/Firmware Security5
Operational Environment6
Self-Tests1
Life-Cycle Assurance1

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for Amazon Linux 2023 GnuTLS Cryptographic Module
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[high] Firmware update / recovery<br/>/ rollback services<br/><i>Error State</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Symmetric Encryption with AES<br/>Symmetric Decryption with AES<br/>Show Status</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: gnutls</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>application</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Trusted code is reachable<br/>through update and<br/>recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for Amazon Linux 2023 GnuTLS Cryptographic Module
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[high] Firmware update / recovery / rollback services<br/><i>Error State</i><br/>src: securityPolicy.services"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Symmetric Encryption with AES<br/>Symmetric Decryption with AES<br/>Show Status</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>HTTPS<br/>library named: gnutls</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>application</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C3 clueHigh;
  class C5,C6 clueLow;

Security Policy, page by page

Page 1

Amazon Web Services, Inc. Amazon Linux 2023 GnuTLS Cryptographic Module Document Version 1.2 Last update: 2025-04-29 Prepared by: atsec information security corporation

4516 Seton Center Pkwy, Suite 250
Page 2

Amazon Linux 2023 GnuTLS Cryptographic Module Austin, TX 78759 www.atsec.com © 2025 Amazon Web Services, Inc./atsec information security.

Page 3

Amazon Linux 2023 GnuTLS Cryptographic Module Table of Contents © 2025 Amazon Web Services, Inc./atsec information security.

Page 4

Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.

Page 5

Amazon Linux 2023 GnuTLS Cryptographic Module List of Tables © 2025 Amazon Web Services, Inc./atsec information security.

Page 6

Amazon Linux 2023 GnuTLS Cryptographic Module List of Figures © 2025 Amazon Web Services, Inc./atsec information security.

Page 7
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic module specification1
33Cryptographic module interfaces1
44Roles, services, and authentication1
55Software/Firmware security1
66Operational environment1
77Physical securityN/A
88Non-invasive securityN/A
99Sensitive security parameter management1
1010Self-tests1
1111Life-cycle assurance1
1212Mitigation of other attacksN/A
Overall LevelOverall Level1

Amazon Linux 2023 GnuTLS Cryptographic Module

1.1 Overview

This document is the non-proprietary FIPS 140-3 Security Policy for version 3.8.0-f3d7c0863662248d of the Amazon Linux 2023 GnuTLS Cryptographic Module. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for an overall Security Level 1 module.

1.2 Security Levels
1.3 Additional Information

This Security Policy describes the features and design of the module named GnuTLS Cryptographic Module using the terminology contained in the FIPS 140-3 specification. The FIPS 140-3 Security Requirements for Cryptographic Module specifies the security requirements that will be satisfied by a cryptographic module utilized within a security system protecting sensitive but unclassified information. The NIST/CCCS Cryptographic Module Validation Program (CMVP) validates cryptographic module to FIPS 140-3. Validated products are accepted by the Federal agencies of both the USA and Canada for the protection of sensitive or designated information. including this notice. Other documentation is proprietary to their authors. © 2025 Amazon Web Services, Inc./atsec information security.

Page 8

Amazon Linux 2023 GnuTLS Cryptographic Module consolidated into this document by atsec information security together with other vendor-supplied documentation. In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing. © 2025 Amazon Web Services, Inc./atsec information security.

Page 9

Amazon Linux 2023 GnuTLS Cryptographic Module

2 Cryptographic Module Specification
2.1 Description

Purpose and Use: The Amazon Linux 2023 GnuTLS Cryptographic Module (hereafter referred to as “the module”) is a cryptographic module that provides cryptographic services to applications running in the user space of the underlying operating system through a C language Application Program Interface (API). Module Type: Software Module Embodiment: MultiChipStand Module Characteristics: Cryptographic Boundary: The block diagram in Figure 1 shows the cryptographic boundary of the module, its interfaces with the operational environment, and the flow of information within the module and between the module and operator (depicted through the arrows). The module components consist of the libgnutls.so.30, libnettle.so.8, libhogweed.so.6, and libgmp.so.10, which are verified by computing their HMAC values and comparing the computed value with the stored .libgnutls.so.30.hmac, .libnettle.so.8.hmac, .libhogweed.so.6.hmac, and .libgmp.so.10.hmac values. © 2025 Amazon Web Services, Inc./atsec information security.

Page 10
Module configuration
NameOperating SystemHardware PlatformFirmware VersionSoftware VersionProcessorPaa PaiHypervisorFeaturesPackageIntegrity Test
libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on EC2 c7g.metal with AWS Graviton33.8.0-f3d7c0863662248dN/Alibgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on EC2 c7g.metal with AWS Graviton3HMAC-SHA2-256
libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on3.8.0-f3d7c0863662248dN/Alibgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 onHMAC-SHA2-256
libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowball with AMD EPYC 77023.8.0-f3d7c0863662248dN/Alibgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowball with AMD EPYC 7702HMAC-SHA2-256
libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowblade with Intel Xeon Gold 6314U3.8.0-f3d7c0863662248dN/Alibgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowblade with Intel Xeon Gold 6314UHMAC-SHA2-256
libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowcone with Intel Atom C35583.8.0-f3d7c0863662248dN/Alibgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowcone with Intel Atom C3558HMAC-SHA2-256
Amazon Linux 2023Amazon Linux 2023EC2 c7g.metal3.8.0-f3d7c0863662248dAWS Graviton3YesN/A
Amazon Linux 2023Amazon Linux 2023EC2 c6i.metal3.8.0-f3d7c0863662248dIntel Xeon Platinum 8375CYesN/A
Amazon Linux 2023Amazon Linux 2023AWS Snowball3.8.0-f3d7c0863662248dAMD EPYC 7702YesN/A
Amazon Linux 2023Amazon Linux 2023AWS Snowblade3.8.0-f3d7c0863662248dIntel Xeon Gold 6314UYesN/A
Amazon Linux 2023Amazon Linux 2023AWS Snowcone3.8.0-f3d7c0863662248dIntel Atom C3558YesN/A

Amazon Linux 2023 GnuTLS Cryptographic Module Tested Operational Environment’s Physical Perimeter (TOEPP): Figure 1: Block Diagram

2.2 Tested and Vendor Affirmed Module Version and Identification

Tested Module Identification

Page 11
Module configuration
NameOperating SystemHardware PlatformFirmware VersionSoftware VersionProcessorPaa PaiHypervisorFeaturesPackageIntegrity Test
libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowball with AMD EPYC 77023.8.0-f3d7c0863662248dN/Alibgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowball with AMD EPYC 7702HMAC-SHA2-256
libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowblade with Intel Xeon Gold 6314U3.8.0-f3d7c0863662248dN/Alibgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowblade with Intel Xeon Gold 6314UHMAC-SHA2-256
libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowcone with Intel Atom C35583.8.0-f3d7c0863662248dN/Alibgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10 on AWS Snowcone with Intel Atom C3558HMAC-SHA2-256
Amazon Linux 2023Amazon Linux 2023EC2 c7g.metal3.8.0-f3d7c0863662248dAWS Graviton3YesN/A
Amazon Linux 2023Amazon Linux 2023EC2 c6i.metal3.8.0-f3d7c0863662248dIntel Xeon Platinum 8375CYesN/A
Amazon Linux 2023Amazon Linux 2023AWS Snowball3.8.0-f3d7c0863662248dAMD EPYC 7702YesN/A
Amazon Linux 2023Amazon Linux 2023AWS Snowblade3.8.0-f3d7c0863662248dIntel Xeon Gold 6314UYesN/A
Amazon Linux 2023Amazon Linux 2023AWS Snowcone3.8.0-f3d7c0863662248dIntel Atom C3558YesN/A

Amazon Linux 2023 GnuTLS Cryptographic Module N/A N/A N/A Table 2: Tested Module Identification

2.3 Excluded Components

The module does not claim any excluded components.

2.4 Modes of Operation

Modes List and Description: © 2025 Amazon Web Services, Inc./atsec information security.

Page 12
Service
NameDescriptionIndicatorType
Approved mode of operationEntered by default, after passing the pre-operational and all conditional cryptographic algorithms self-tests (CASTs). Also, automatically entered whenever an approved service is requestedEquivalent to the indicator of the requested service as defined in section 4.3Approved
Non-approved mode of operationAutomatically entered whenever a non-approved service is requestedEquivalent to the indicator of the requested service as defined in section 4.4Non- Approved
Approved algorithm
NameCAVP CertPropertiesReference
AES-CBCA4537Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBCA4538Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBCA4539Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBCA4540Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBCA4545Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBCA4572Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CCMA4537Key Length - 128, 256SP 800-38C
AES-CCMA4572Key Length - 128, 256SP 800-38C
AES-CFB8A4542Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB8A4543Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB8A4548Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CMACA4537Direction - Generation, Verification Key Length - 128, 256SP 800-38B
AES-CMACA4540Direction - Generation, Verification Key Length - 128, 256SP 800-38B
AES-CMACA4545Direction - Generation, Verification Key Length - 128, 256SP 800-38B
AES-GCMA4537Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 256SP 800-38D
AES-GCMA4538Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 256SP 800-38D
AES-GCMA4539Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 256SP 800-38D
AES-GCMA4540Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 256SP 800-38D
AES-GCMA4545Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 256SP 800-38D
AES-GCMA4572Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 256SP 800-38D
AES-GMACA4545Direction - Decrypt, Encrypt IV Generation - External IV Generation Mode - 8.2.1 Key Length - 128, 256SP 800-38D
AES-XTS Testing Revision 2.0A4546Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38E
Counter DRBGA4545Prediction Resistance - No Mode - AES-256 Derivation Function Enabled - NoSP 800-90A Rev. 1
ECDSA KeyGen (FIPS186-4)A4545Curve - P-256, P-384, P-521 Secret Generation Mode - Testing CandidatesFIPS 186-4
ECDSA KeyVer (FIPS186-4)A4545Curve - P-256, P-384, P-521FIPS 186-4
ECDSA SigGen (FIPS186-4)A4545Component - No Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512FIPS 186-4
ECDSA SigVer (FIPS186-4)A4545Component - No Curve - P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512FIPS 186-4
HMAC-SHA-1A4540Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA-1A4545Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA-1A4572Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2-224A4540Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2-224A4545Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2-224A4572Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2-256A4540Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2-256A4545Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2-256A4572Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2-384A4540Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2-384A4545Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2-384A4572Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2-512A4540Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2-512A4545Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2-512A4572Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
KAS-ECC-SSC Sp800-56Ar3A4545Domain Parameter Generation Methods - P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responderSP 800-56A Rev. 3
KAS-FFC-SSC Sp800-56Ar3A4545Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 Scheme - dhEphem - KAS Role - initiator, responderSP 800-56A Rev. 3
KDA HKDF Sp800- 56Cr1A4544Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-65336 Increment 8 HMAC Algorithm - SHA2-224, SHA2-256, SHA2-384, SHA2-512SP 800-56C Rev. 2
KDF TLS (CVL)A4545TLS Version - v1.0/1.1SP 800-135 Rev. 1
PBKDFA4545Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1SP 800-132
RSA KeyGen (FIPS186-4)A4545Key Generation Mode - B.3.2 Modulo - 2048, 3072, 4096 Hash Algorithm - SHA2-384 Primality Tests - Table C.2 Private Key Format - StandardFIPS 186-4
RSA SigGen (FIPS186-4)A4545Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096FIPS 186-4
RSA SigVer (FIPS186-4)A4545Signature Type - PKCS 1.5, PKCSPSS Modulo - 2048, 3072, 4096FIPS 186-4
Safe Primes Key GenerationA4545Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP- 2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192SP 800-56A Rev. 3
SHA-1A4540Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA-1A4545Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA-1A4572Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-224A4540Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-224A4545Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-224A4572Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-256A4540Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-256A4545Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-256A4572Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-384A4540Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-384A4545Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-384A4572Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512A4540Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512A4545Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512A4572Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA3-224A4541Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-224A4547Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-256A4541Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-256A4547Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-384A4541Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-384A4547Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-512A4541Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-512A4547Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
TLS v1.2 KDF RFC7627 (CVL)A4545Hash Algorithm - SHA2-256, SHA2-384SP 800-135 Rev. 1

Amazon Linux 2023 GnuTLS Cryptographic Module NonApproved Table 4: Modes List and Description only be transitioned into the non-approved mode by calling one of the non-approved services listed in the NonApproved Services table. Please see Section 4 or the details on service indicator provided by the module that identifies when an approved service is called. © 2025 Amazon Web Services, Inc./atsec information security.

Page 13

Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.

Page 14

Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.

Page 15

Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.

Page 16
Service
NameApproved FunctionsPropertiesImplementationReference
Cryptographic Key Generation (CKG)RSA:2048, 3072, 4096-bit keysAmazon Linux 2023 GnuTLS (Generic C)SP800-133r2, Section 5.1
Cryptographic Key Generation (CKG) cECDSA:P-256, P-384, P-521 elliptic urvesAmazon Linux 2023 GnuTLS (Generic C)SP800-133r2, Section 5.1, 5.2
Cryptographic Key Generation S (CKG) bafe Prime:2048, 3072, 4096, 6144, 8192- it keysAmazon Linux 2023 GnuTLS (Generic C)SP800-133r2, Section 5.2
Cryptographic Key Generation (CKG)CTR_DRBG:112-256 bit keysAmazon Linux 2023 GnuTLS (Generic C)SP800-133r2, Section 6.1
BlowfishSymmetric Encryption; Symmetric Decryption
CamelliaSymmetric Encryption; Symmetric Decryption
CASTSymmetric Encryption; Symmetric Decryption
Chacha20 and Poly1305Authenticated Encryption; Authenticated Decryption
CMAC with Triple-DESMessage Authentication Code (MAC)
DESSymmetric Encryption; Symmetric Decryption
Diffie-Hellman with keys generated with domain parameters other than safe primesKey Agreement; Shared Secret Computation
Service
NameApproved FunctionsPropertiesImplementationReference
Cryptographic Key Generation (CKG)RSA:2048, 3072, 4096-bit keysAmazon Linux 2023 GnuTLS (Generic C)SP800-133r2, Section 5.1
Cryptographic Key Generation (CKG) cECDSA:P-256, P-384, P-521 elliptic urvesAmazon Linux 2023 GnuTLS (Generic C)SP800-133r2, Section 5.1, 5.2
Cryptographic Key Generation S (CKG) bafe Prime:2048, 3072, 4096, 6144, 8192- it keysAmazon Linux 2023 GnuTLS (Generic C)SP800-133r2, Section 5.2
Cryptographic Key Generation (CKG)CTR_DRBG:112-256 bit keysAmazon Linux 2023 GnuTLS (Generic C)SP800-133r2, Section 6.1
BlowfishSymmetric Encryption; Symmetric Decryption
CamelliaSymmetric Encryption; Symmetric Decryption
CASTSymmetric Encryption; Symmetric Decryption
Chacha20 and Poly1305Authenticated Encryption; Authenticated Decryption
CMAC with Triple-DESMessage Authentication Code (MAC)
DESSymmetric Encryption; Symmetric Decryption
Diffie-Hellman with keys generated with domain parameters other than safe primesKey Agreement; Shared Secret Computation
DSAKey Generation; Domain Parameter Generation; Digital Signature Generation; Digital Signature Verification
ECDSA with curves not listed in the Approved Algorithms tableKey Generation; Public Key Verification
ECDSA with curves/hash functions not listed in the Approved Algorithms tableDigital Signature Generation; Digital Signature Verification
EC Diffie-Hellman with curves not listed in the Approved Algorithms tableKey Agreement; Shared Secret Computation
GOSTSymmetric Encryption; Symmetric Decryption; Message Digest
HMAC with keys smaller than 112-bitMessage Authentication Code (MAC)
HMAC with GOSTMessage Authentication Code (MAC)
MD2, MD4, MD5Message Digest; Message Authentication Code (MAC)
PBKDF with HMAC not listed in the Approved Algorithms table or using input parameters not meeting requirements stated in section 2.7Key Derivation
RC2, RC4Symmetric Encryption; Symmetric Decryption
RMD160Message Digest; Message Authentication Code (MAC)
RSA with keys smaller than 2048 bits or greater than 4096 bits.Key Generation
RSA with keys smaller than 2048 bits or greater than 4096 bits and/or hash functions not listed in the Approved Algorithms tableDigital Signature Generation
RSA with keys smaller than 2048 bits or greater than 4096 bits and/or hash functions not listed in the Approved Algorithms tableDigital Signature Verification
Salsa20Symmetric Encryption; Symmetric Decryption
SEEDSymmetric Encryption; Symmetric Decryption
SerpentSymmetric Encryption; Symmetric Decryption
SRPKey Agreement
STREEBOGMessage Digest; Message Authentication Code (MAC)
Triple-DESSymmetric Encryption; Symmetric Decryption
TwofishSymmetric Encryption; Symmetric Decryption
UMACMessage Authentication Code (MAC)
YarrowRandom Number Generation
DRBG when key length is less than 112 bitsRandom Number Generation
RSAKey Encapsulation; Key Un-encapsulation
Non-supported cipher suites (not listed in Appendix A)Transport Layer Security (TLS) Network Protocol

Table 5: Approved Algorithms Vendor-Affirmed Algorithms: curves 5.1, 5.2 Table 6: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. Non-Approved, Allowed Algorithms with No Security Claimed: Table 7: Non-Approved, Allowed Algorithms with No Security Claimed Non-Approved, Not Allowed Algorithms: © 2025 Amazon Web Services, Inc./atsec information security.

Page 17

Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.

Page 18
Service
NameDescriptionApproved FunctionsTypeProperties
Symmetric Encryption with AESSymmetric encryption using AESAES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CFB8 AES-CFB8 AES-CFB8 AES-XTS Testing Revision 2.0BC-UnAuthKeys:128, 192, 256-bit keys with 128-256 bits of key strength
Symmetric Decryption with AESSymmetric decryption using AESAES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CFB8 AES-CFB8 AES-CFB8 AES-XTS Testing Revision 2.0BC-UnAuthKeys:128, 192, 256-bit keys with 128-256 bits of key strength
Authenticated Symmetric Encryption with AESAuthenticated symmetric encryption using AESAES-CCM AES-CCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCMBC-AuthKeys:128, 256-bit keys with 128 and 256 bits of key strength
Authenticated Symmetric Decryption with AESAuthenticated symmetric decryption using AESAES-CCM AES-CCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCMBC-AuthKeys:128, 256-bit keys with 128 and 256 bits of key strength
Message Authentication Code with AESMessage authentication code with AESAES-CMAC AES-CMAC AES-CMAC AES-GMACMACKeys:128, 256-bit keys with 128 and 256 bits of key strength
Message Authentication Code with HMACMessage authentication code with HMACHMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-224 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-256 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-384MACKeys:112-256-bit keys with 112-256 bits of key strength
Message Digest with SHAMessage digest using SHASHA-1 SHA-1 SHA-1 SHA2-224 SHA2-224 SHA2-224 SHA2-256 SHA2-256 SHA2-256 SHA2-384 SHA2-384 SHA2-384 SHA2-512 SHA2-512 SHA2-512 SHA3-224 SHA3-224 SHA3-256 SHA3-256 SHA3-384 SHA3-384 SHA3-512 SHA3-512SHA
Key Derivation with TLS KDFKey derivation using TLS KDFKDF TLS TLS v1.2 KDF RFC7627KAS-135KDFDerived Secret:112-256 bits with 112-256 bits key strength
Key Derivation with KDA HKDFKey derivation using KDA HKDFKDA HKDF Sp800-56Cr1KAS-56CKDFDerived Secret:112-256 bits with 112-256 bits of key strength
Key Derivation with PBKDFKey derivation using PBKDFPBKDFPBKDFKeys:112-4096 bits with 112-256 bits of key strength
Digital Signature Generation with RSADigital signature generation using RSARSA SigGen (FIPS186-4)DigSig-SigGenKeys:2048, 3072, 4096-bit keys with 112, 128, 149 bits of key strength
Digital Signature Generation with ECDSADigital signature generation using ECDSAECDSA SigGen (FIPS186- 4)DigSig-SigGenCurves:P-256, P-384, P- 521 elliptic curves with 128, 192, 256 bits of strength
Digital Signature Verification with RSADigital signature verification using RSARSA SigVer (FIPS186-4)DigSig-SigVerKeys:2048, 3072, 4096 bits with 112, 128, 149 bits of key strength
Digital Signature Verification with ECDSADigital signature verification using ECDSAECDSA SigVer (FIPS186- 4)DigSig-SigVerCurves:P-256, P-384, P- 521 elliptic with 128, 192, 256 bits of strength
Key Pair Generation with RSAKey pair generation using RSARSA KeyGen (FIPS186-4)AsymKeyPair-KeyGenKeys:2048, 3072, 4096 bits with 112, 128, 149 bits of key strength
Key Pair Generation with ECDSAKey pair generation using ECDSAECDSA KeyGen (FIPS186- 4)AsymKeyPair-KeyGenCurves:P-256, P-384, P- 521 elliptic curves with 128, 192, 256 bits of strength
Key Pair Generation with Safe PrimesKey pair generation using Safe PrimesSafe Primes Key GenerationAsymKeyPair-KeyGenKeys:MODP-2048, MODP-3072, MODP- 4096, MODP-6144, MODP-8192, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192; 2048, 3072, 4096, 6144, 8192-bit keys with 112- 200 bits of key strength
Public Key Verification with ECDSAPublic key verification using ECDSAECDSA KeyVer (FIPS186- 4)AsymKeyPair-KeyVerCurves:P-256, P-384, P- 521 elliptic curves with 128, 192, 256 bits of strength
Shared Secret Computation with KAS- ECC-SSCShared secret computation using KAS-ECC-SSCKAS-ECC-SSC Sp800- 56Ar3KAS-SSCCurves:P-256, P-384, P- 521 elliptic curves with 128, 192, 256 bits of strength
Shared Secret Computation with KAS- FFC-SSCShared secret computation using KAS-FFC-SSCKAS-FFC-SSC Sp800- 56Ar3KAS-SSCKeys:MODP-2048, MODP-3072, MODP- 4096, MODP-6144, MODP-8192, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192; 2048, 3072, 4096, 6144, 8192-bit keys
Random Number Generation with Counter DRBGRandom number generation using CTR_DRBGCounter DRBGDRBGCompliance:SP800- 90ARev1
TLS HandshakeKey agreementKAS-ECC-SSC Sp800- 56Ar3 KAS-FFC-SSC Sp800- 56Ar3 KDA HKDF Sp800-56Cr1KAS-FullCurves:P-256, P-384, P- 521 elliptic curves with 128, 192, 256 bits of strength Keys:MODP-2048, MODP-3072, MODP- 4096, MODP-6144, MODP-8192, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192; 2048, 3072, 4096, 6144, 8192-bit keys with 112- 200 bits of key strength Compliance:IG D.F scenario 2(2)
Symmetric Key Generation with Counter DRBGSymmetric key generation using Counter DRBGCounter DRBGDRBGKeys:112-256 bits with 112-256 bits of key strength Compliance:SP 800-133r2 section 6.1
Key Wrapping with AESKey wrapping using AESAES-CCM AES-CCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCMKTS-WrapKeys:128, 256-bit keys with 128 or 256 bits of key strength Compliance:IG D.G
Key Unwrapping with AESKey unwrapping using AESAES-CCM AES-CCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCM AES-GCMKTS-WrapKeys:128, 256-bit keys with 128 or 256 bits of key strength Compliance:IG D.G
Key Wrapping with AES and HMACKey wrapping using AES and HMACAES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-224 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-256 HMAC-SHA2-256 HMAC-SHA2-384 HMAC-SHA2-384 HMAC-SHA2-384 HMAC-SHA2-512 HMAC-SHA2-512 HMAC-SHA2-512KTS-WrapKeys:128, 256-bit keys with 128 or 256 bits of key strength Compliance:IG D.G
Key Unwrapping with AES and HMACKey unwrapping using AES and HMACAES-CBC AES-CBC AES-CBC AES-CBC AES-CBC AES-CBC HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA-1 HMAC-SHA2-224 HMAC-SHA2-224 HMAC-SHA2-256 HMAC-SHA2-256KTS-WrapKeys:128, 256-bit keys with 128 or 256 bits of key strength Compliance:IG D.G

Amazon Linux 2023 GnuTLS Cryptographic Module

2.6 Security Function Implementations
2.0 2.0 © 2025 Amazon Web Services, Inc./atsec information security.
Page 19

Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.

Page 20

Amazon Linux 2023 GnuTLS Cryptographic Module Compliance:SP80090ARev1 © 2025 Amazon Web Services, Inc./atsec information security.

Page 21

Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.

Page 22

Amazon Linux 2023 GnuTLS Cryptographic Module Table 9: Security Function Implementations

2.7 Algorithm Specific Information
2.7.1 TLS

The TLS protocol implementation provides both server and client sides. To operate in the approved mode, digital certificates used for server and client authentication shall comply with the restrictions of key size and message digest algorithms imposed by [SP800-131Ar2].

2.7.2 AES XTS

The AES algorithm in XTS mode can be only used for the cryptographic protection of data on storage devices, as specified in [SP800-38E]. The length of a single data unit encrypted with the XTS-AES shall not exceed 2²⁰ AES blocks, that is 16MB of data. To meet the requirement stated in IG C.I, the module implements a check that ensures, before performing any cryptographic operation, that the two AES keys used in AES XTS mode are not identical. Note: AES-XTS shall be used with 128 and 256-bit keys only. AES-XTS with 192-bit keys is not an approved algorithm.

2.7.3 AES GCM IV

The module implements AES GCM for being used in the TLS v1.2 and v1.3 protocols. AES GCM IV generation is in compliance with [FIPS140-3_IG] IG C.H for both protocols as follows:

Page 23
CertVendor
NumberName
E124Amazon

Amazon Linux 2023 GnuTLS Cryptographic Module

2.7.4 Key Derivation Using SP800-132 PBKDF

The module provides password-based key derivation (PBKDF), compliant with [SP800-132]. The module supports option 1a from section 5.4 of [SP800-132], in which the Master Key (MK) or a segment of it is used directly as the Data Protection Key (DPK). In accordance with [SP800-132], the module ensures that the following requirements are met when running the PBKDF approved service.

2.7.5 Compliance to SP 800-56Ar3 Assurances

The module offers DH and ECDH shared secret computation services compliant to the [SP800-56Ar3] and meeting IG D.F scenario 2 path (1) and path (2). To meet the required assurances listed in section 5.6 of [SP80056Ar3], the module shall be used together with an application that implements the "TLS protocol" and the following steps shall be performed. 1. 2. 3. The entity using the module, must use the module's "Asymmetric Key Generation" service for generating DH/ECDH ephemeral keys. This meets the assurances required by key pair owner defined in the section 5.6.2.1 of [SP800-56Ar3]. As part of the module's shared secret computation (SSC) service, the module internally performs the public key validation on the peer's public key passed in as input to the SSC function. This meets the public key validity assurance required by the sections 5.6.2.2.1/5.6.2.2.2 of [SP800-56Ar3]. The module does not support static keys therefore the "assurance of peer's possession of private key" is not applicable.

2.8 RBG and Entropy

Table 10: Entropy Certificates © 2025 Amazon Web Services, Inc./atsec information security.

Page 24
Sensitive security parameter
NameTypeStrengthOperational EnvironmentEntropy per SampleConditioning Component
Userspace CPU Time Jitter RNG Entropy SourceNon- Physical256 bitsAmazon Linux 2023 on EC2 c7g.metal with AWS Graviton3; Amazon Linux 2023 on EC2 c6i.metal with Intel Xeon Platinum 8375C; Amazon Linux 2023 on AWS Snowball with AMD EPYC 7702; Amazon Linux 2023 on AWS Snowblade with Intel Xeon Gold 6314U; Amazon Linux 2023 on AWS Snowcone with Intel Atom C3558256 bitsSHA3-256 (A4551); HMAC-SHA2-512 DRBG (A4551)

Amazon Linux 2023 GnuTLS Cryptographic Module Table 11: Entropy Sources The module employs a Deterministic Random Bit Generator (DRBG) based on [SP800-90Ar1] for the creation of seeds for symmetric keys, asymmetric keys, random numbers for security functions (e.g. ECDSA signature generation), and server and client random numbers for the TLS protocol. In addition, the module provides a Random Number Generation service to calling applications. The DRBG supports the CTR_DRBG with AES-256, without a derivation function and without prediction resistance. The module uses an [SP800-90B]-compliant entropy source specified in the Entropy Sources table. This entropy source is located within the physical perimeter, but outside of the cryptographic boundary of the module. The module obtains 384 bits to seed the DRBG, and 256 bits to reseed it, sufficient to provide a DRBG with 256 bits of security strength.

2.9 Key Generation

The module implements key generation methods according to SP 800-133r2 section 4 example 1, without the use of V. The key generation methods are specified in the Vendor Affirmed Algorithms table and the Security Function Implementations table. Additionally, the module implements key derivation methods according to section 6.2 of SP 800-133r2. The key derivation methods are specified in the Security Function Implementations table.

2.10 Key Establishment

The module implements SSP agreement, compliant with IG D.F scenario 2(1) and scenario 2(2). Additionally, the module implements SSP transport, compliant with IG D.G. The Key Establishment methods are specified in the Security Function Implementations table.

2.11 Industry Protocols

The module implements KDF for the TLS protocol TLSv1.0, TLSv1.1, TLSv1.2. No parts of the TLS 1.0/1.1/1.2, other than the key derivation functions mentioned above, have been tested by the CAVP and CMVP. The module implements HKDF for the TLS protocol TLSv1.3. © 2025 Amazon Web Services, Inc./atsec information security.

Page 25
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
N/AN/AData InputAPI input parameters
N/AN/AData OutputAPI output parameters
N/AN/AControl InputAPI function calls, API input parameters for control
N/AN/AStatus OutputAPI return codes

Amazon Linux 2023 GnuTLS Cryptographic Module

3 Cryptographic Module Interfaces
3.1 Ports and Interfaces

N/A N/A N/A N/A Table 12: Ports and Interfaces © 2025 Amazon Web Services, Inc./atsec information security.

Page 26
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutputAuthentication Methods
Crypto OfficerCORoleNone
Symmetric Key GenerationGenerate AES or HMAC keyCrypto Officer - Module- generated AES Key: G - Module- generated HMAC Key: GSymmetric Key Generation with Counter DRBGGNUTLS_FIPS140_OP_APPROVEDKey sizeKey
Symmetric EncryptionPerform AES encryptionCrypto Officer - AES Key: W,ESymmetric Encryption with AES Authenticated Symmetric Encryption with AESGNUTLS_FIPS140_OP_APPROVEDKey, IV (for AEAD), PlaintextCiphertext
Symmetric DecryptionPerform AES decryptionCrypto Officer - AES Key: W,ESymmetric Decryption with AES Authenticated Symmetric Decryption with AESGNUTLS_FIPS140_OP_APPROVEDKey, IV (for AEAD), CiphertextPlaintext
Asymmetric Key GenerationGenerate RSA or ECDSA key pairsCrypto Officer - Module- generated RSA Public Key: G,R - Module- generatedKey Pair Generation with RSA Key Pair Generation with ECDSAGNUTLS_FIPS140_OP_APPROVEDRSA key size or Elliptic CurveKey pair
Service
NameDescriptionRolesRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutputAuthentication Methods
Crypto OfficerCORoleNone
Symmetric Key GenerationGenerate AES or HMAC keyCrypto Officer - Module- generated AES Key: G - Module- generated HMAC Key: GSymmetric Key Generation with Counter DRBGGNUTLS_FIPS140_OP_APPROVEDKey sizeKey
Symmetric EncryptionPerform AES encryptionCrypto Officer - AES Key: W,ESymmetric Encryption with AES Authenticated Symmetric Encryption with AESGNUTLS_FIPS140_OP_APPROVEDKey, IV (for AEAD), PlaintextCiphertext
Symmetric DecryptionPerform AES decryptionCrypto Officer - AES Key: W,ESymmetric Decryption with AES Authenticated Symmetric Decryption with AESGNUTLS_FIPS140_OP_APPROVEDKey, IV (for AEAD), CiphertextPlaintext
Asymmetric Key GenerationGenerate RSA or ECDSA key pairsCrypto Officer - Module- generated RSA Public Key: G,R - Module- generatedKey Pair Generation with RSA Key Pair Generation with ECDSAGNUTLS_FIPS140_OP_APPROVEDRSA key size or Elliptic CurveKey pair
Diffie-Hellman Key Generation using Safe PrimesPerform DH key agreement with safe primesCrypto Officer - Module- generated Diffie- Hellman Public Key: G - Module- generated Diffie- Hellman Private Key: G - Intermediate Key Generation Value: G,EKey Pair Generation with Safe PrimesGNUTLS_FIPS140_OP_APPROVEDKey sizeKey pair
ECDSA Digital Signature GenerationGenerate a digital signatureCrypto Officer - ECDSA Private Key: W,EDigital Signature Generation with ECDSAGNUTLS_FIPS140_OP_APPROVEDMessage, hash algorithm, private keyDigital signature
RSA Digital Signature GenerationGenerate a digital signatureCrypto Officer - RSA Private Key: W,EDigital Signature Generation with RSAGNUTLS_FIPS140_OP_APPROVEDMessage, hash algorithm, private keyDigital signature
ECDSA Digital Signature VerificationVerify a digital signatureCrypto Officer - ECDSA Public Key: W,EDigital Signature Verification with ECDSAGNUTLS_FIPS140_OP_APPROVEDDigital signature, hash algorithm, public keyVerification result
RSA Digital Signature VerificationVerify a digital signatureCrypto Officer - RSA Public Key: W,EDigital Signature Verification with RSAGNUTLS_FIPS140_OP_APPROVEDDigital signature, hash algorithm, public keyVerification result
Public Key VerificationVerify ECDSA public keyCrypto Officer - ECDSA Public Key: W,EPublic Key Verification with ECDSAGNUTLS_FIPS140_OP_APPROVEDKeyReturn codes/log messages
Random Number GenerationGenerate random bit stringsCrypto Officer - Entropy Input: W,E - Counter DRBG Seed: G,E - Counter DRBG Internal State: V Value, Key: G,ERandom Number Generation with Counter DRBGGNUTLS_FIPS140_OP_APPROVEDNumber of bitsRandom number
Message DigestCompute SHA hashesCrypto OfficerMessage Digest with SHAGNUTLS_FIPS140_OP_APPROVEDMessageDigest of the message
HMAC Message Authentication Code (MAC)Compute HMACCrypto Officer - HMAC Key: W,EMessage Authentication Code with HMACGNUTLS_FIPS140_OP_APPROVEDMessage, HMAC keyMessage authentication code (MAC)
AES Message Authentication Code (MAC)Compute AES-based CMAC or AES-based GMACCrypto Officer - AES Key: W,EMessage Authentication Code with AESGNUTLS_FIPS140_OP_APPROVEDMessage, AES keyMessage authentication code (MAC)
Diffie-Hellman Shared Secret ComputationPerform DH shared secret computationCrypto Officer - Diffie- Hellman Public Key: W,E - Diffie- HellmanShared Secret Computation with KAS-FFC- SSCGNUTLS_FIPS140_OP_APPROVEDDH private key, DH public key from peerShared secret
EC Diffie- Hellman Shared Secret ComputationPerform ECDH shared secret computationCrypto Officer - EC Diffie- Hellman Public Key: W,E - EC Diffie- Hellman Private Key: W,EShared Secret Computation with KAS- ECC-SSCGNUTLS_FIPS140_OP_APPROVEDEC private key, EC public key from peerShared secret
TLS KDF and HKDF Key Derivation (derivation of TLS Master Secret)Perform key derivationCrypto Officer - TLS Pre- master Secret: W,E - TLS Master Secret: G,RKey Derivation with TLS KDF Key Derivation with KDA HKDFGNUTLS_FIPS140_OP_APPROVEDTLS pre-master secretTLS master secret
TLS KDF and HKDF Key Derivation (derivation of TLS Derived Secret)Perform key derivationCrypto Officer - TLS Master Secret: W,E - TLS Derived Secret: G,RKey Derivation with TLS KDF Key Derivation with KDA HKDFGNUTLS_FIPS140_OP_APPROVEDTLS master secretTLS Derived Secret
PBKDF Key DerivationPerform password- based key derivationCrypto Officer - PBKDF Password or Passphrase: W,E,Z - PBKDF Derived Key: G,RKey Derivation with PBKDFGNUTLS_FIPS140_OP_APPROVEDPassword/passphrasePBKDF Derived key
Transport Layer Security (TLS) Network ProtocolProvide supported cipher suites (listed in Appendix A) in approved modeCrypto Officer - AES Key: W,E - HMAC Key: W,E - RSA Public Key: W,E - RSA Private Key: W,E - ECDSA Public Key: W,E - ECDSA Private Key: W,E - Module- generated Diffie-Symmetric Encryption with AES Symmetric Decryption with AES Authenticated Symmetric Encryption with AES Authenticated Symmetric Decryption with AES Message Authentication Code with HMAC Message DigestGNUTLS_FIPS140_OP_APPROVEDCipher-suites listed in Appendix A, Digital Certificate, Public and Private Keys, Application DataReturn codes and/or log messages, Application data
with SHA Digital Signature Generation with RSA Digital Signature Generation with ECDSA Digital Signature Verification with RSA Digital Signature Verification with ECDSA Key Pair Generation with Safe Primes Public Key Verification with ECDSA TLS HandshakeHellman Public Key: G,E - Module- generated Diffie- Hellman Private Key: G,E - Module- generated EC Diffie- Hellman Public Key: G,E - TLS Pre- master Secret: G,E - TLS Master Secret: G,E - TLS Derived Secret: G,R - Intermediate Key Generation Value: G,Ewith SHA Digital Signature Generation with RSA Digital Signature Generation with ECDSA Digital Signature Verification with RSA Digital Signature Verification with ECDSA Key Pair Generation with Safe Primes Public Key Verification with ECDSA TLS Handshake
Show StatusShow module statusCrypto OfficerNoneN/AN/AReturn codes and/or log messages
Self-testsPerform self- testsCrypto OfficerSymmetric Encryption with AES Symmetric Decryption with AES Authenticated Symmetric Encryption with AES Authenticated Symmetric Decryption with AES Message Authentication Code with AES Message Authentication Code with HMAC Message Digest with SHA Key Derivation with TLS KDF Key Derivation with KDAN/AModule resetResult of self- test (pass/fail)
Show Module Name and VersionShow module name and versionCrypto OfficerNoneN/ANoneName and version information
Symmetric Key GenerationGenerate symmetric key other than AES and HMAC keysCrypto OfficerDRBG when key length is less than 112 bits
Symmetric EncryptionCompute the cipher for encryptionCrypto OfficerBlowfish Camellia CAST Chacha20 and Poly1305 DES GOST RC2, RC4 Salsa20 SEED Serpent Triple-DES Twofish
Symmetric DecryptionCompute the plaintext for decryptionCrypto OfficerBlowfish Camellia CAST Chacha20 and Poly1305 DES GOST RC2, RC4 Salsa20 SEED Serpent

Amazon Linux 2023 GnuTLS Cryptographic Module

4 Roles, Services, and Authentication
4.2 Roles

Table 13: Roles The module supports the Crypto Officer role only. This sole role is implicitly and always assumed by the operator of the module. No support is provided for multiple concurrent operators.

4.3 Approved Services

- Modulegenerated G W,E W,E - Modulegenerated - Modulegenerated © 2025 Amazon Web Services, Inc./atsec information security.

Page 27

Amazon Linux 2023 GnuTLS Cryptographic Module - Modulegenerated G,R - Modulegenerated G,R - Modulegenerated EC DiffieHellman G,R - Modulegenerated EC DiffieHellman G,R - Modulegenerated DiffieHellman G - Modulegenerated DiffieHellman G W,E © 2025 Amazon Web Services, Inc./atsec information security.

Page 28

Amazon Linux 2023 GnuTLS Cryptographic Module W,E W,E G,E G,E W,E W,E - DiffieHellman © 2025 Amazon Web Services, Inc./atsec information security.

Page 29

Amazon Linux 2023 GnuTLS Cryptographic Module W,E EC DiffiePerform - EC DiffieHellman W,E - EC DiffieHellman W,E passwordbased key W,E,Z G,R W,E W,E - ModuleHMAC © 2025 Amazon Web Services, Inc./atsec information security.

Page 30

Amazon Linux 2023 GnuTLS Cryptographic Module G,E - Modulewith RSA DiffieSignature G,E - ModuleSignature Diffiewith RSA G,E N/A N/A - Modulegenerated - Modulegenerated Z - Modulegenerated - Modulegenerated © 2025 Amazon Web Services, Inc./atsec information security.

Page 31

Amazon Linux 2023 GnuTLS Cryptographic Module - Modulegenerated Z Z - Modulegenerated DiffieHellman - Modulegenerated DiffieHellman Z - DiffieHellman - DiffieHellman Z - Modulegenerated EC DiffieHellman - Modulegenerated EC DiffieHellman Z - EC DiffieHellman - EC DiffieHellman Z - (DiffieHellman) - (EC DiffieHellman) © 2025 Amazon Web Services, Inc./atsec information security.

Page 32

Amazon Linux 2023 GnuTLS Cryptographic Module Z Z - TLS Premaster © 2025 Amazon Web Services, Inc./atsec information security.

Page 33

Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.

Page 34
Service
NameDescriptionRolesCsps AccessedApproved FunctionsIndicatorInputOutput
Show Module Name and VersionShow module name and versionCrypto OfficerNoneN/ANoneName and version information
Symmetric Key GenerationGenerate symmetric key other than AES and HMAC keysCrypto OfficerDRBG when key length is less than 112 bits
Symmetric EncryptionCompute the cipher for encryptionCrypto OfficerBlowfish Camellia CAST Chacha20 and Poly1305 DES GOST RC2, RC4 Salsa20 SEED Serpent Triple-DES Twofish
Symmetric DecryptionCompute the plaintext for decryptionCrypto OfficerBlowfish Camellia CAST Chacha20 and Poly1305 DES GOST RC2, RC4 Salsa20 SEED Serpent
Asymmetric Key GenerationGenerate key pairsCrypto OfficerDSA ECDSA with curves not listed in the Approved Algorithms table RSA with keys smaller than 2048 bits or greater than 4096 bits.
Digital Signature GenerationSign RSA, DSA, and ECDSA signaturesCrypto OfficerDSA ECDSA with curves/hash functions not listed in the Approved Algorithms table RSA with keys smaller than 2048 bits or greater than 4096 bits and/or hash functions not listed in the Approved Algorithms table
Digital Signature VerificationVerify RSA, DSA, and ECDSA signaturesCrypto OfficerDSA ECDSA with curves/hash functions not listed in the Approved Algorithms table RSA with keys smaller than 2048 bits or greater than 4096 bits and/or hash functions not listed in the Approved Algorithms table
Message DigestCompute message digestCrypto OfficerGOST MD2, MD4, MD5 RMD160 STREEBOG
Message Authentication Code (MAC)Compute HMAC or CMACCrypto OfficerCMAC with Triple-DES HMAC with keys smaller than 112-bit HMAC with GOST RMD160 UMAC
Key EncapsulationPerform RSA key encapsulationCrypto OfficerRSA
Key Un-encapsulationPerform RSA key un- encapsulationCrypto OfficerRSA
Diffie-Hellman Shared Secret ComputationPerform DH shared secret computationCrypto OfficerDiffie-Hellman with keys generated with domain parameters other than safe primes
EC Diffie-Hellman Shared Secret ComputationPerform ECDH shared secret computationCrypto OfficerEC Diffie-Hellman with curves not listed in the Approved Algorithms table
Key DerivationPerform key derivationCrypto OfficerPBKDF with HMAC not listed in the Approved Algorithms table or using input parameters not meeting requirements stated in section 2.7
Transport Layer Security (TLS) Network ProtocolProvide non-supported cipher suitesCrypto OfficerNon-supported cipher suites (not listed in Appendix A)
Random Number GenerationGenerate random numbersCrypto OfficerYarrow
Key AgreementPerform key agreementCrypto OfficerDiffie-Hellman with keys generated with domain parameters other than safe primes EC Diffie-Hellman with curves not listed in the Approved Algorithms table SRP

Amazon Linux 2023 GnuTLS Cryptographic Module Table 14: Approved Services The following convention is used to specify access rights to a SSP:

4.4 Non-Approved Services

© 2025 Amazon Web Services, Inc./atsec information security.

Page 35

Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.

Page 36

Amazon Linux 2023 GnuTLS Cryptographic Module

4.5 External Software/Firmware Loaded

The module does not support loading software or firmware from an external source. © 2025 Amazon Web Services, Inc./atsec information security.

Page 37

Amazon Linux 2023 GnuTLS Cryptographic Module

5 Software/Firmware Security
5.1 Integrity Techniques

The integrity of the module is verified by comparing an HMAC-SHA2-256 value calculated at run time with the HMAC value stored in the .hmac file that was computed at build time for each software component of the module listed in Section 2. If the HMAC values do not match, the test fails, and the module enters the Error state.

5.2 Initiate on Demand

The module provides the Self-Test service to perform self-tests on demand which includes the pre-operational test (i.e., integrity test) and the cryptographic algorithm self-tests (CASTs). The Self-Tests service can be called on demand by invoking the gnutls_fips140_run_self_tests() function which will perform integrity tests and the CASTs. Additionally, the Self-Test service can be invoked by powering-off and reloading the module. During the execution of the on-demand self-tests, services are not available, and no data output is possible. © 2025 Amazon Web Services, Inc./atsec information security.

Page 38

Amazon Linux 2023 GnuTLS Cryptographic Module

6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Modifiable How Requirements are Satisfied: the module executes on a general-purpose operating system (Amazon Linux 2023), which allows modification, loading, and execution of software that is not part of the validated module. The module should be compiled and installed as stated in Section 11.1.

6.2 Configuration Settings and Restrictions

Instrumentation tools like the ptrace system call, gdb and strace, userspace live patching, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environment. The use of any of these tools implies that the cryptographic module is running in a non-validated operational environment.

6.3 Additional Information

The operating system provides process isolation and memory protection mechanisms that ensure appropriate separation for memory access among the processes on the system. Each process has control over its own data and uncontrolled access to the data of other processes is prevented. © 2025 Amazon Web Services, Inc./atsec information security.

Page 39

Amazon Linux 2023 GnuTLS Cryptographic Module

7 Physical Security

The module is comprised of software only, and therefore this section is not applicable. © 2025 Amazon Web Services, Inc./atsec information security.

Page 40

Amazon Linux 2023 GnuTLS Cryptographic Module

8 Non-Invasive Security

This module does not implement any non-invasive security mechanism, and therefore this section is not applicable. © 2025 Amazon Web Services, Inc./atsec information security.

Page 41
Service
NameApproved FunctionsTypeFromToDistribution Type
API input parametersElectronicPlaintextCalling application within TOEPPCryptographic moduleManual
API output parametersElectronicPlaintextCryptographic moduleCalling application within TOEPPManual
StorageDescriptionPersistence
AreaType
Name
RAMTemporary storage for SSPs used by the module as part of service execution. The module does not perform persistent storage of SSPs.Dynamic
ZeroizationDescriptionRationaleOperator Initiation
Method
Free cipher handleZeroizes the SSPs referenced in the function nameMemory occupied by SSPs is overwritten with zeros, which renders the SSP values irretrievableBy calling the appropriate zeroization functions: AES Key: gnutls_cipher_deinit() AES Key: gnutls_aead_cipher_deinit() HMAC Key: gnutls_hmac_deinit() RSA Public Key, RSA Private Key: gnutls_privkey_deinit() gnutls_x509_privkey_deinit() gnutls_rsa_params_deinit() ECDSA Public Key, ECDSA Private Key: gnutls_privkey_deinit() gnutls_x509_privkey_deinit() gnutls_rsa_params_deinit() Diffie-Hellman Public Key, Diffie-Hellman Private Key: gnutls_dh_params_deinit() TLS Pre-master Secret: gnutls_deinit() TLS Master Secret: gnutls_deinit() TLS Derived Secret: gnutls_deinit() Diffie- Hellman Public Key, Diffie-Hellman Private Key: gnutls_pk_params_clear() EC Diffie-Hellman Public Key, EC Diffie-Hellman Private Key: gnutls_pk_params_clear() Diffie-Hellman Shared Secret: zeroize key() EC Diffie-Hellman Shared Secret: zeroize key() All SSPs: gnutls_global_deinit()
Remove power from the moduleDe-allocates the volatile memory used to store SSPsVolatile memory used by the module is overwritten within nanoseconds when power is removedBy removing power

Amazon Linux 2023 GnuTLS Cryptographic Module

9 Sensitive Security Parameters Management
9.1 Storage Areas

Table 16: Storage Areas Table 17: SSP Input-Output Methods form within the physical perimeter of the operational environment. This is allowed by [FIPS140-3_IG] IG 9.5.A, according to the “CM Software to/from App via TOEPP Path” entry in the Key Establishment Table. © 2025 Amazon Web Services, Inc./atsec information security.

Page 42
Sensitive security parameter
NameTypeDescriptionStrengthGenerationEstablishmentUse
Module- generated AES KeySymmetric key - CSPAES key generated during Symmetric Key Generation128, 192, 256 bits - 128, 192, 256 bitsSymmetric Key Generation with Counter DRBG
AES KeySymmetric key - CSPAES key used for Symmetric Encryption, Symmetric Decryption and Message Authentication Code128, 192, 256 bits - 128, 192, 256 bitsSymmetric Encryption with AES Symmetric Decryption with AES Authenticated Symmetric Encryption with AES Authenticated Symmetric Decryption with AES Message Authentication Code with AES Key Wrapping with AES Key Unwrapping with AES Key Wrapping with AES and HMAC Key Unwrapping with AES and HMAC
Module- generated HMAC KeyAuthentication key - CSPHMAC key generated during Symmetric Key Generation112-256 bit keys (Increment 8) - 112- 256 bitsSymmetric Key Generation with Counter DRBG
HMAC KeyAuthentication key - CSPHMAC key used for computing MAC tags112-524288 bit keys (Increment 8) - 112- 256 bitsMessage Authentication Code with HMAC Key Unwrapping with AES and HMAC
Module- generated RSA Public KeyPublic key - PSPRSA Public key generated during Asymmetric Key Generation2048, 3072, 4096 bits - 112, 128, 149 bitsKey Pair Generation with RSA
Module- generated RSA Private KeyPrivate key - CSPRSA Private key generated during Asymmetric Key Generation2048, 3072, 4096 bits - 112, 128, 149 bitsKey Pair Generation with RSA
RSA Public KeyPublic key - PSPRSA public key used for Signature Verification2048, 3072, 4096 bits - 112, 128, 149 bitsDigital Signature Verification with RSA
RSA Private KeyPrivate key - CSPRSA private key used for Signature Generation2048, 3072, 4096 bits - 112, 128, 149 bitsDigital Signature Generation with RSA
Module- generated ECDSA Public KeyPublic key - PSPECDSA public key generated during Asymmetric Key GenerationP-256, P-384, P-521 - 128, 192, 256 bitsKey Pair Generation with ECDSA
Module- generated ECDSA Private KeyPrivate key - CSPECDSA private key generated during Asymmetric Key GenerationP-256, P-384, P-521 - 128, 192, 256 bitsKey Pair Generation with ECDSA
ECDSA Public KeyPublic key - PSPPublic key used for Digital Signature Verification, Public Key VerificationP-256, P-384, P-521 - 128, 192, 256 bitsDigital Signature Verification with ECDSA Public Key Verification with ECDSA
ECDSA Private KeyPrivate key - CSPPrivate key used for Digital Signature Generation, Public Key VerificationP-256, P-384, P-521 - 128, 192, 256 bitsDigital Signature Generation with ECDSA Public Key Verification with ECDSA
Module- generated Diffie-Hellman Public KeyPublic key - PSPDiffie-Hellman public key generated during Diffie- Hellman Key Generation using Safe PrimesMODP-2048, MODP- 3072, MODP-4096, MODP-6144, MODP- 8192, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192 2048, 3072, 4096, 6144, 8192 bits - 112- 200 bitsKey Pair Generation with Safe PrimesTLS Handshake
Module- generatedPrivate key - CSPDiffie-Hellman private key generated duringMODP-2048, MODP- 3072, MODP-4096,Key Pair GenerationTLS Handshake
Diffie-Hellman Private KeyDiffie-Hellman Key Generation using Safe PrimesMODP-6144, MODP- 8192, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192; 2048, 3072, 4096, 6144, 8192 bits - 112- 200 bitswith Safe Primes
Diffie-Hellman Public KeyPublic key - PSPPublic key used for Shared Secret ComputationMODP-2048, MODP- 3072, MODP-4096, MODP-6144, MODP- 8192, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192; 2048, 3072, 4096, 6144, 8192 bits - 112- 200 bitsShared Secret Computation with KAS-FFC- SSC
Diffie-Hellman Private KeyPrivate key - CSPPrivate key used for Shared Secret ComputationMODP-2048, MODP- 3072, MODP-4096, MODP-6144, MODP- 8192, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192; 2048, 3072, 4096, 6144, 8192 bits - 112- 200 bitsShared Secret Computation with KAS-FFC- SSC
Module- generated EC Diffie-Hellman Public KeyPublic key - PSPEC Diffie-Hellman public key generated during Asymmetric Key GenerationP-256, P-384, P-521 - 128, 192, 256 bitsKey Pair Generation with ECDSATLS Handshake
Module- generated EC Diffie-Hellman Private KeyPrivate key - CSPEC Diffie-Hellman private key generated during Asymmetric Key GenerationP-256, P-384, P-521 - 128, 192, 256 bitsKey Pair Generation with ECDSATLS Handshake
EC Diffie- Hellman Public KeyPublic key - PSPPublic key used for Shared Secret ComputationP-256, P-384, P-521 - 128, 192, 256 bitsShared Secret Computation with KAS-ECC- SSC
EC Diffie- Hellman Private KeyPrivate key - CSPPrivate key used for Shared Secret ComputationP-256, P-384, P-521 - 128, 192, 256 bitsShared Secret Computation with KAS-ECC- SSC
(Diffie- Hellman) Shared SecretShared secret - CSPShared secret computed during Shared Secret Computation with Diffie- Hellman2048, 3072, 4096, 6144, 8192 bits - 112- 200 bitsShared Secret Computation with KAS-FFC- SSC
(EC Diffie- Hellman) Shared SecretShared secret - CSPShared secret computed from EC Diffie-Hellman Key AgreementP-256, P-384, P-521 - 128-256 bitsShared Secret Computation with KAS-FFC- SSC
PBKDF Password or PassphrasePassword/passphrase - CSPPassword/passphrase used for Key Derivation8-524288 bits - N/A
PBKDF Derived KeyDerived key - CSPKey derived from PBKDF password/passphrase during Key Derivation112-4096 bits - 112- 256 bitsKey Derivation with PBKDF
Entropy InputEntropy - CSPEntropy input used to seed the Counter DRBG256 bits - 256 bitsRandom Number Generation with Counter DRBG
Counter DRBG SeedDRBG seed - CSPCounter DRBG seed derived from Entropy Input256 bits - 256 bitsRandom Number Generation with Counter DRBGRandom Number Generation with Counter DRBG
Counter DRBG Internal State: V Value, KeyInternal state - CSPInternal state of Counter DRBG256 bits - 256 bitsRandom Number Generation with Counter DRBGRandom Number Generation with Counter DRBG
TLS Pre-master SecretPre-master secret - CSPTLS Pre-master Secret used for deriving the TLS Master Secret112-256 bits - 112-256 bitsShared Secret Computation with KAS- ECC-SSC Shared Secret Computation with KAS-FFC- SSCTLS Handshake
TLS Master SecretMaster secret - CSPTLS Master Secret used for deriving the TLS Derived Secret112-256 bits - 112-256 bitsKey Derivation with TLS KDFTLS Handshake
TLS Derived SecretDerived secret - CSPUsed as encryption key or MAC key112-256 bits - 112-256 bitsKey Derivation with TLS KDFTLS Handshake
Intermediate Key Generation ValueIntermediate value - CSPIntermediate key pair generation value generated during key generation services224-4096 bits - 112 to 256 bitsKey Pair Generation with RSA Key Pair Generation with ECDSA Key Pair Generation with Safe PrimesKey Pair Generation with RSA Key Pair Generation with ECDSA Key Pair Generation with Safe Primes
Zeroization MethodDescriptionRationaleOperator Initiation
Automatic lAutomatically zeroized by the module when no onger neededMemory occupied by SSPs is overwritten with zeros, which renders the SSP values irretrievableN/A

Amazon Linux 2023 GnuTLS Cryptographic Module longer needed Table 18: SSP Zeroization Methods All data output is inhibited during zeroization. Modulegenerated © 2025 Amazon Web Services, Inc./atsec information security.

Page 43

Amazon Linux 2023 GnuTLS Cryptographic Module Modulegenerated Modulegenerated © 2025 Amazon Web Services, Inc./atsec information security.

Page 44

Amazon Linux 2023 GnuTLS Cryptographic Module EC DiffieHellman EC DiffieHellman (DiffieHellman) (EC DiffieHellman) © 2025 Amazon Web Services, Inc./atsec information security.

Page 45

Amazon Linux 2023 GnuTLS Cryptographic Module Table 19: SSP Table 1 © 2025 Amazon Web Services, Inc./atsec information security.

Page 46
Sensitive security parameter
NameStorageZeroizationInputStorage DurationRelated SSPs
Module-generated AES KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI output parametersFor the duration of the serviceCounter DRBG Internal State: V Value, Key:Derived From
AES KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI input parametersFor the duration of the service
Module-generated HMAC KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI output parametersFor the duration of the serviceCounter DRBG Internal State: V Value, Key:Derived From
HMAC KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI input parametersFor the duration of the service
Module-generated RSA Public KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI output parametersFor the duration of the serviceModule-generated RSA Private Key:Paired With Intermediate Key Generation Value:Derived From
Module-generated RSA Private KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI output parametersFor the duration of the serviceModule-generated RSA Public Key:Paired With Intermediate Key Generation Value:Derived From
RSA Public KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI input parametersFor the duration of the serviceRSA Private Key:Paired With
RSA Private KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI input parametersFor the duration of the serviceRSA Public Key:Paired With
Module-generated ECDSA Public KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI output parametersFor the duration of the serviceModule-generated ECDSA Private Key:Paired With Intermediate Key Generation Value:Derived From
Module-generated ECDSA Private KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI output parametersFor the duration of the serviceModule-generated ECDSA Public Key:Paired With Intermediate Key Generation Value:Derived From
ECDSA Public KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI input parametersFor the duration of the serviceECDSA Private Key:Paired With Intermediate Key Generation Value:Derived From
ECDSA Private KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI input parametersFor the duration of the serviceECDSA Public Key:Paired With
Module-generated Diffie-Hellman Public KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI output parametersFor the duration of the serviceModule-generated Diffie-Hellman Private Key:Paired With Intermediate Key Generation Value:Derived From
Module-generated Diffie-Hellman Private KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI output parametersFor the duration of the serviceModule-generated Diffie-Hellman Public Key:Paired With Intermediate Key Generation Value:Derived From
Diffie-Hellman Public KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI input parametersFor the duration of the serviceDiffie-Hellman Private Key:Derived From Intermediate Key Generation Value:Derived From (Diffie-Hellman) Shared Secret:Used With
Diffie-Hellman Private KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI input parametersFor the duration of the serviceDiffie-Hellman Public Key:Paired With Intermediate Key Generation Value:Derived From (Diffie-Hellman) Shared Secret:Used With
Module-generated EC Diffie-Hellman Public KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI output parametersFor the duration of the serviceModule-generated EC Diffie- Hellman Private Key:Paired With Intermediate Key Generation Value:Derived From
Module-generated EC Diffie-Hellman Private KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI output parametersFor the duration of the serviceModule-generated EC Diffie- Hellman Public Key:Paired With Intermediate Key Generation Value:Derived From
EC Diffie-Hellman Public KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI input parametersFor the duration of the serviceEC Diffie-Hellman Private Key:Paired With (EC Diffie-Hellman) Shared Secret:Used With
EC Diffie-Hellman Private KeyRAM:PlaintextFree cipher handle Remove power from the moduleAPI input parametersFor the duration of the serviceEC Diffie-Hellman Public Key:Paired With (EC Diffie-Hellman) Shared Secret:Used With
(Diffie-Hellman) Shared SecretRAM:PlaintextFree cipher handle Remove power from the moduleAPI output parametersFor the duration of the serviceDiffie-Hellman Public Key:Used With Diffie-Hellman Private Key:Used With
(EC Diffie-Hellman) Shared SecretRAM:PlaintextFree cipher handle Remove power from the moduleAPI output parametersFor the duration of the serviceEC Diffie-Hellman Public Key:Used With EC Diffie-Hellman Private Key:Used With
PBKDF Password or PassphraseRAM:PlaintextAutomaticAPI input parametersFor the duration of the servicePBKDF Derived Key:Derived From
PBKDF Derived KeyRAM:PlaintextFree cipher handle Remove power from the moduleFor the duration of the servicePBKDF Password or Passphrase:Derived From
Entropy InputRAM:PlaintextFree cipher handle Remove power from the moduleFrom generation until Counter DRBG Seed is createdCounter DRBG Seed:Derived From
Counter DRBG SeedRAM:PlaintextFree cipher handle Remove power from the moduleWhile the Counter DRBG is being instantiatedEntropy Input:Derived From Counter DRBG Internal State: V Value, Key:Derived From
Counter DRBG Internal State: V Value, KeyRAM:PlaintextFree cipher handle Remove power from the moduleWhile the Counter DRBG is being instantiatedCounter DRBG Seed:Derived From
TLS Pre-master SecretRAM:PlaintextFree cipher handle Remove power from the moduleFor the duration of the serviceTLS Master Secret:Derived From Module-generated Diffie-Hellman Public Key:Used With Module-generated Diffie-Hellman Private Key:Used With Module-generated EC Diffie- Hellman Public Key:Used With Module-generated EC Diffie- Hellman Private Key:Used With
TLS Master SecretRAM:PlaintextFree cipher handle Remove power from the moduleFor the duration of the serviceTLS Pre-master Secret:Derived From TLS Derived Secret:Derived From
TLS Derived SecretRAM:PlaintextFree cipher handle Remove power from the moduleAPI output parametersFor the duration of the serviceTLS Master Secret:Derived From
Intermediate Key Generation ValueRAM:PlaintextAutomaticIntermediate valueModule-generated RSA Public Key:Derived From Module-generated RSA Private Key:Derived From Module-generated Diffie-Hellman Public Key:Derived From Module-generated Diffie-Hellman Private Key:Derived From Module-generated EC Diffie- Hellman Public Key:Derived From Module-generated EC Diffie- Hellman Private Key:Derived From

Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.

Page 47

Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.

Page 48

Amazon Linux 2023 GnuTLS Cryptographic Module Table 20: SSP Table 2

9.5 Transitions

The SHA-1 algorithm as implemented by the module will be non-approved for all purposes, starting January 1, 2031. © 2025 Amazon Web Services, Inc./atsec information security.

Page 49

Amazon Linux 2023 GnuTLS Cryptographic Module The ECDSA, and RSA algorithms as implemented by the module conform to FIPS 186-4, which has been superseded by FIPS 186-5. The transition started on July 25, 2023, and ended on February 4, 2024. FIPS 186-4 was withdrawn on February 3, 2024. © 2025 Amazon Web Services, Inc./atsec information security.

Page 50
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsTestIndicator
TestTestProperties
HMAC-SHA2- 256 (A4545)HMAC-SHA2- 256 (A4545)Message AuthenticationSW/FW IntegrityIntegrity test for libgnutls.so.30, libnettle.so.8, libhogweed.so.6, libgmp.so.10256-bit keyModule becomes operational and services are available for use
Approved algorithm
NameMode MethodPropertiesTestIndicatorDetailsConditions
TestType
AES-CBC (A4537)Encrypt KAT256-bit keyCASTModule is operational and services are available for useEncryptionModule initialization
AES-CBC (A4537)Decrypt KAT256-bit keyCASTModule is operational and services are available for useDecryptionModule initialization
AES-CFB8 (A4542)Encrypt KAT256-bit keyCASTModule is operational and services are available for useEncryptionModule initialization
AES-CFB8 (A4542)Decrypt KAT256-bit keyCASTModule is operational and services are available for useDecryptionModule initialization
AES-GCM (A4537)Encrypt KAT256-bit key, 96-bit IVCASTModule is operational and services are available for useEncryptionModule initialization
AES-GCM (A4537)Decrypt KAT256-bit key, 96-bit IVCASTModule is operational and services are available for useDecryptionModule initialization
TestType
AES-XTS Testing Revision 2.0 (A4546)Encrypt KAT256-bit keyCASTModule is operational and services are available for useEncryptionModule initialization
AES-XTS Testing Revision 2.0 (A4546)Decrypt KAT256-bit keyCASTModule is operational and services are available for useDecryptionModule initialization
KAS-FFC-SSC Sp800-56Ar3 (A4545)Primitive “Z” Computation KATffdhe3072CASTModule is operational and services are available for useShared secret computationModule initialization
KAS-ECC-SSC Sp800-56Ar3 (A4545)Primitive “Z” Computation KATP-256 curveCASTModule is operational and services are available for useShared secret computationModule initialization
Counter DRBG (A4545)KAT CTR_DRBG with AES without DF, without PR256-bit keysCASTModule is operational and services are available for useKAT CTR_DRBG with AES with 256-bit keys without DF, without PRModule initialization
Counter DRBG (A4545)Health tests according to section 11.3 of [SP800- 90Ar1]Health testsCASTModule is operational and services are available for useHealth testsModule initialization
ECDSA SigGen (FIPS186-4) (A4545)KAT with P-256 using SHA2-256P-256 with SHA2-256CASTModule is operational and services are available for useSignature generationModule initialization
ECDSA SigVer (FIPS186-4) (A4545)KAT with P-256 using SHA2-256P-256 with SHA2-256CASTModule is operational and services are available for useSignature verificationModule initialization
RSA SigGen (FIPS186-4) (A4545)KAT with 2048-bit key using SHA2-2562048-bit key with SHA2-256CASTModule is operational and services are available for useSignature generationModule initialization
RSA SigVer (FIPS186-4) (A4545)KAT with 2048-bit key using SHA2-2562048-bit key with SHA2-256CASTModule is operational and services are available for useSignature verificationModule initialization
KDA HKDF Sp800-56Cr1 (A4544)KAT with HMAC- SHA2-256HMAC-SHA2-256CASTModule is operational and services are available for useKey derivationModule initialization
KDF TLS (A4545)KAT with HMAC- SHA2-256HMAC-SHA2-256CASTModule is operational and services are available for useKey derivationModule initialization
TestType
PBKDF (A4545)KAT with HMAC- SHA2-256HMAC-SHA2-256; password length: 24 bytes; salt length: 288 bits, iteration count: 4096CASTModule is operational and services are available for useKey derivationModule initialization
HMAC-SHA-1 (A4540)HMAC-SHA-1 KATHMAC-SHA-1CASTModule is operational and services are available for useMessage Authentication Code (MAC)Module initialization
HMAC-SHA2- 224 (A4540)HMAC-SHA2-224 KATHMAC-SHA2-224CASTModule is operational and services are available for useMessage Authentication Code (MAC)Module initialization
HMAC-SHA2- 256 (A4540)HMAC-SHA2-256 KATHMAC-SHA2-256CASTModule is operational and services are available for useMessage Authentication Code (MAC)Module initialization
HMAC-SHA2- 384 (A4540)HMAC-SHA2-384 KATHMAC-SHA2-384CASTModule is operational and services are available for useMessage Authentication Code (MAC)Module initialization
HMAC-SHA2- 512 (A4540)HMAC-SHA2-512 KATHMAC-SHA2-512CASTModule is operational and services are available for useMessage Authentication Code (MAC)Module initialization
SHA3-224 (A4541)SHA3-224 KATSHA3-224CASTModule is operational and services are available for useMessage digestModule initialization
SHA3-256 (A4541)SHA3-256 KATSHA3-256CASTModule is operational and services are available for useMessage digestModule initialization
SHA3-384 (A4541)SHA3-384 KATSHA3-384CASTModule is operational and services are available for useMessage digestModule initialization
SHA3-512 (A4541)SHA3-512 KATSHA3-512CASTModule is operational and services are available for useMessage digestModule initialization
ECDSA KeyGen (FIPS186-4) (A4545)Signature generation and verificationSHA2-256 with the respective curvePCTSuccessful key generationSignature generation and verificationKey pair generation service request
RSA KeyGen (FIPS186-4) (A4545)Signature generation and verificationSHA2-256 with the respective keyPCTSuccessful key generationSignature generation and verificationKey pair generation service request
TestType
Safe Primes Key Generation (A4545)PCT according to section 5.6.2.1.4 of [SP800-56Ar3]N/APCTSuccessful key generationPCT according to section 5.6.2.1.4 of [SP800-56Ar3]Key pair generation service request
ECDSA KeyGen (FIPS186-4) (A4545)Signature generation and verificationSHA2-256 with the respective curvePCTSuccessful key generationSignature generation and verification PCT that covers key pair generation for EC Diffie-HellmanKey pair generation service request
AES-CBC (A4538)Encrypt KAT256-bit keyCASTModule is operational and services are available for useEncryptionModule initialization
AES-CBC (A4538)Decrypt KAT256-bit keyCASTModule is operational and services are available for useDecryptionModule initialization
AES-CBC (A4539)Encrypt KAT256-bit keyCASTModule is operational and services are available for useEncryptionModule initialization
AES-CBC (A4539)Decrypt KAT256-bit keyCASTModule is operational and services are available for useDecryptionModule initialization
AES-CBC (A4540)Encrypt KAT256-bit keyCASTModule is operational and services are available for useEncryptionModule initialization
AES-CBC (A4540)Decrypt KAT256-bit keyCASTModule is operational and services are available for useDecryptionModule initialization
AES-CBC (A4545)Encrypt KAT256-bit keyCASTModule is operational and services are available for useEncryptionModule initialization
AES-CBC (A4545)Decrypt KAT256-bit keyCASTModule is operational and services are available for useDecryptionModule initialization
AES-CBC (A4572)Encrypt KAT256-bit keyCASTModule is operational and services are available for useEncryptionModule initialization
AES-CBC (A4572)Decrypt KAT256-bit keyCASTModule is operational and services are available for useDecryptionModule initialization
TestType
AES-CFB8 (A4548)Encrypt KAT256-bit keyCASTModule is operational and services are available for useEncryptionModule initialization
AES-CFB8 (A4548)Decrypt KAT256-bit keyCASTModule is operational and services are available for useDecryptionModule initialization
AES-CFB8 (A4543)Encrypt KAT256-bit keyCASTModule is operational and services are available for useEncryptionModule initialization
AES-CFB8 (A4543)Decrypt KAT256-bit keyCASTModule is operational and services are available for useDecryptionModule initialization
AES-GCM (A4538)Encrypt KAT256-bit key, 96-bit IVCASTModule is operational and services are available for useEncryptionModule initialization
AES-GCM (A4538)Decrypt KAT256-bit key, 96-bit IVCASTModule is operational and services are available for useDecryptionModule initialization
AES-GCM (A4539)Encrypt KAT256-bit key, 96-bit IVCASTModule is operational and services are available for useEncryptionModule initialization
AES-GCM (A4539)Decrypt KAT256-bit key, 96-bit IVCASTModule is operational and services are available for useDecryptionModule initialization
AES-GCM (A4540)Encrypt KAT256-bit key, 96-bit IVCASTModule is operational and services are available for useEncryptionModule initialization
AES-GCM (A4540)Decrypt KAT256-bit key, 96-bit IVCASTModule is operational and services are available for useDecryptionModule initialization
AES-GCM (A4545)Encrypt KAT256-bit key, 96-bit IVCASTModule is operational and services are available for useEncryptionModule initialization
AES-GCM (A4545)Decrypt KAT256-bit key, 96-bit IVCASTModule is operational and services are available for useDecryptionModule initialization
TestType
AES-GCM (A4572)Encrypt KAT256-bit key, 96-bit IVCASTModule is operational and services are available for useEncryptionModule initialization
AES-GCM (A4572)Decrypt KAT256-bit key, 96-bit IVCASTModule is operational and services are available for useDecryptionModule initialization
HMAC-SHA-1 (A4545)HMAC-SHA-1 KATHMAC-SHA-1CASTModule is operational and services are available for useMessage Authentication Code (MAC)Module initialization
HMAC-SHA-1 (A4572)HMAC-SHA-1 KATHMAC-SHA-1CASTModule is operational and services are available for useMessage Authentication Code (MAC)Module initialization
HMAC-SHA2- 224 (A4545)HMAC-SHA2-224 KATHMAC-SHA2-224CASTModule is operational and services are available for useMessage Authentication Code (MAC)Module initialization
HMAC-SHA2- 224 (A4572)HMAC-SHA2-224 KATHMAC-SHA2-224CASTModule is operational and services are available for useMessage Authentication Code (MAC)Module initialization
HMAC-SHA2- 256 (A4545)HMAC-SHA2-256 KATHMAC-SHA2-256CASTModule is operational and services are available for useMessage Authentication Code (MAC)Module initialization
HMAC-SHA2- 256 (A4572)HMAC-SHA2-256 KATHMAC-SHA2-256CASTModule is operational and services are available for useMessage Authentication Code (MAC)Module initialization
HMAC-SHA2- 512 (A4545)HMAC-SHA2-512 KATHMAC-SHA2-512CASTModule is operational and services are available for useMessage Authentication Code (MAC)Module initialization
HMAC-SHA2- 512 (A4572)HMAC-SHA2-512 KATHMAC-SHA2-512CASTModule is operational and services are available for useMessage Authentication Code (MAC)Module initialization
SHA3-224 (A4547)SHA3-224 KATSHA3-224CASTModule is operational and services are available for useMessage digestModule initialization
SHA3-256 (A4547)SHA3-256 KATSHA3-256CASTModule is operational and services are available for useMessage digestModule initialization
TestType
SHA3-384 (A4547)SHA3-384 KATSHA3-384CASTModule is operational and services are available for useMessage digestModule initialization
SHA3-512 (A4547)SHA3-512 KATSHA3-512CASTModule is operational and services are available for useMessage digestModule initialization

Amazon Linux 2023 GnuTLS Cryptographic Module

10 Self-Tests
10.1 Pre-Operational Self-Tests

Table 21: Pre-Operational Self-Tests The module performs the pre-operational self-test and CASTs automatically when the module is loaded into memory. The pre-operational self-test ensure that the module is not corrupted, and the CASTs ensure that the cryptographic algorithms work as expected. While the module is executing the self-tests, services are not available, and input and output are inhibited. The module is not available for use by the calling application until the pre-operational test and CASTs are completed successfully. After the pre-operational test and the CASTs succeed, the module becomes operational. If the pre-operational test or any of the CASTs fail, an error message is returned, and the module transitions to the Error state.

10.2 Conditional Self-Tests

© 2025 Amazon Web Services, Inc./atsec information security.

Page 51

Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.

Page 52

Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.

Page 53

Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.

Page 54

Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.

Page 55

Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.

Page 56
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic Method
HMAC-SHA2-256 (A4545)HMAC-SHA2-256 (A4545)Message AuthenticationSW/FW IntegrityOn demandManually
AES-CBC (A4537)AES-CBC (A4537)Encrypt KATCASTOn demandManually
AES-CBC (A4537)AES-CBC (A4537)Decrypt KATCASTOn demandManually
AES-CFB8 (A4542)AES-CFB8 (A4542)Encrypt KATCASTOn demandManually
AES-CFB8 (A4542)AES-CFB8 (A4542)Decrypt KATCASTOn demandManually
AES-GCM (A4537)AES-GCM (A4537)Encrypt KATCASTOn demandManually
AES-GCM (A4537)AES-GCM (A4537)Decrypt KATCASTOn demandManually
AES-XTS Testing Revision 2.0 (A4546)AES-XTS Testing Revision 2.0 (A4546)Encrypt KATCASTOn demandManually
AES-XTS Testing Revision 2.0 (A4546)AES-XTS Testing Revision 2.0 (A4546)Decrypt KATCASTOn demandManually
KAS-FFC-SSC Sp800- 56Ar3 (A4545)KAS-FFC-SSC Sp800- 56Ar3 (A4545)Primitive “Z” Computation KATCASTOn demandManually
KAS-ECC-SSC Sp800- 56Ar3 (A4545)KAS-ECC-SSC Sp800- 56Ar3 (A4545)Primitive “Z” Computation KATCASTOn demandManually
Counter DRBG (A4545)Counter DRBG (A4545)KAT CTR_DRBG with AES without DF, without PRCASTOn demandManually
Counter DRBG (A4545)Counter DRBG (A4545)Health tests according to section 11.3 of [SP800- 90Ar1]CASTOn demandManually
ECDSA SigGen (FIPS186- 4) (A4545)ECDSA SigGen (FIPS186- 4) (A4545)KAT with P-256 using SHA2-256CASTOn demandManually
ECDSA SigVer (FIPS186- 4) (A4545)ECDSA SigVer (FIPS186- 4) (A4545)KAT with P-256 using SHA2-256CASTOn demandManually
RSA SigGen (FIPS186-4) (A4545)RSA SigGen (FIPS186-4) (A4545)KAT with 2048-bit key using SHA2-256CASTOn demandManually
RSA SigVer (FIPS186-4) (A4545)RSA SigVer (FIPS186-4) (A4545)KAT with 2048-bit key using SHA2-256CASTOn demandManually
KDA HKDF Sp800-56Cr1 (A4544)KDA HKDF Sp800-56Cr1 (A4544)KAT with HMAC-SHA2- 256CASTOn demandManually
KDF TLS (A4545)KDF TLS (A4545)KAT with HMAC-SHA2- 256CASTOn demandManually
PBKDF (A4545)PBKDF (A4545)KAT with HMAC-SHA2- 256CASTOn demandManually
HMAC-SHA-1 (A4540)HMAC-SHA-1 (A4540)HMAC-SHA-1 KATCASTOn demandManually
HMAC-SHA2-224 (A4540)HMAC-SHA2-224 (A4540)HMAC-SHA2-224 KATCASTOn demandManually
HMAC-SHA2-256 (A4540)HMAC-SHA2-256 (A4540)HMAC-SHA2-256 KATCASTOn demandManually
HMAC-SHA2-384 (A4540)HMAC-SHA2-384 (A4540)HMAC-SHA2-384 KATCASTOn demandManually
HMAC-SHA2-512 (A4540)HMAC-SHA2-512 (A4540)HMAC-SHA2-512 KATCASTOn demandManually
SHA3-224 (A4541)SHA3-224 (A4541)SHA3-224 KATCASTOn demandManually
SHA3-256 (A4541)SHA3-256 (A4541)SHA3-256 KATCASTOn demandManually
SHA3-384 (A4541)SHA3-384 (A4541)SHA3-384 KATCASTOn demandManually
SHA3-512 (A4541)SHA3-512 (A4541)SHA3-512 KATCASTOn demandManually
ECDSA KeyGen (FIPS186- 4) (A4545)ECDSA KeyGen (FIPS186- 4) (A4545)Signature generation and verificationPCTOn demandManually
RSA KeyGen (FIPS186-4) (A4545)RSA KeyGen (FIPS186-4) (A4545)Signature generation and verificationPCTOn demandManually
Safe Primes Key Generation (A4545)Safe Primes Key Generation (A4545)PCT according to section 5.6.2.1.4 of [SP800-56Ar3]PCTOn demandManually
ECDSA KeyGen (FIPS186- 4) (A4545)ECDSA KeyGen (FIPS186- 4) (A4545)Signature generation and verificationPCTOn demandManually
AES-CBC (A4538)AES-CBC (A4538)Encrypt KATCASTOn demandManually
AES-CBC (A4538)AES-CBC (A4538)Decrypt KATCASTOn demandManually
AES-CBC (A4539)AES-CBC (A4539)Encrypt KATCASTOn demandManually
AES-CBC (A4539)AES-CBC (A4539)Decrypt KATCASTOn demandManually
AES-CBC (A4540)AES-CBC (A4540)Encrypt KATCASTOn demandManually
AES-CBC (A4540)AES-CBC (A4540)Decrypt KATCASTOn demandManually
AES-CBC (A4545)AES-CBC (A4545)Encrypt KATCASTOn demandManually
AES-CBC (A4545)AES-CBC (A4545)Decrypt KATCASTOn demandManually
AES-CBC (A4572)AES-CBC (A4572)Encrypt KATCASTOn demandManually
AES-CBC (A4572)AES-CBC (A4572)Decrypt KATCASTOn demandManually
AES-CFB8 (A4548)AES-CFB8 (A4548)Encrypt KATCASTOn demandManually
AES-CFB8 (A4548)AES-CFB8 (A4548)Decrypt KATCASTOn demandManually
AES-CFB8 (A4543)AES-CFB8 (A4543)Encrypt KATCASTOn demandManually
AES-CFB8 (A4543)AES-CFB8 (A4543)Decrypt KATCASTOn demandManually
AES-GCM (A4538)AES-GCM (A4538)Encrypt KATCASTOn demandManually
AES-GCM (A4538)AES-GCM (A4538)Decrypt KATCASTOn demandManually
AES-GCM (A4539)AES-GCM (A4539)Encrypt KATCASTOn demandManually
AES-GCM (A4539)AES-GCM (A4539)Decrypt KATCASTOn demandManually
AES-GCM (A4540)AES-GCM (A4540)Encrypt KATCASTOn demandManually
AES-GCM (A4540)AES-GCM (A4540)Decrypt KATCASTOn demandManually
AES-GCM (A4545)AES-GCM (A4545)Encrypt KATCASTOn demandManually
AES-GCM (A4545)AES-GCM (A4545)Decrypt KATCASTOn demandManually
AES-GCM (A4572)AES-GCM (A4572)Encrypt KATCASTOn demandManually
AES-GCM (A4572)AES-GCM (A4572)Decrypt KATCASTOn demandManually
HMAC-SHA-1 (A4545)HMAC-SHA-1 (A4545)HMAC-SHA-1 KATCASTOn demandManually
HMAC-SHA-1 (A4572)HMAC-SHA-1 (A4572)HMAC-SHA-1 KATCASTOn demandManually
HMAC-SHA2-224 (A4545)HMAC-SHA2-224 (A4545)HMAC-SHA2-224 KATCASTOn demandManually
HMAC-SHA2-224 (A4572)HMAC-SHA2-224 (A4572)HMAC-SHA2-224 KATCASTOn demandManually
HMAC-SHA2-256 (A4545)HMAC-SHA2-256 (A4545)HMAC-SHA2-256 KATCASTOn demandManually
HMAC-SHA2-256 (A4572)HMAC-SHA2-256 (A4572)HMAC-SHA2-256 KATCASTOn demandManually
HMAC-SHA2-512 (A4545)HMAC-SHA2-512 (A4545)HMAC-SHA2-512 KATCASTOn demandManually
HMAC-SHA2-512 (A4572)HMAC-SHA2-512 (A4572)HMAC-SHA2-512 KATCASTOn demandManually
SHA3-224 (A4547)SHA3-224 (A4547)SHA3-224 KATCASTOn demandManually
SHA3-256 (A4547)SHA3-256 (A4547)SHA3-256 KATCASTOn demandManually
SHA3-384 (A4547)SHA3-384 (A4547)SHA3-384 KATCASTOn demandManually
SHA3-512 (A4547)SHA3-512 (A4547)SHA3-512 KATCASTOn demandManually

Amazon Linux 2023 GnuTLS Cryptographic Module Table 22: Conditional Self-Tests

10.3 Periodic Self-Test Information

Table 23: Pre-Operational Periodic Information © 2025 Amazon Web Services, Inc./atsec information security.

Page 57

Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.

Page 58

Amazon Linux 2023 GnuTLS Cryptographic Module Table 24: Conditional Periodic Information © 2025 Amazon Web Services, Inc./atsec information security.

Page 59
Service
NameDescriptionRole AccessIndicatorRecovery Method
Error StateThe module stops functioning and ends the application processWhen the integrity test or KAT fail When the KAT of DRBG fails during CASTs When the newly generated RSA, ECDSA, Diffie-Hellman or EC Diffie-Hellman key pair fails the PCTGNUTLS_E_SELF_TEST_ERROR (-400); GNUTLS_E_RANDOM_FAILED (-206); GNUTLS_E_PK_GENERATION_ERROR (-403)The module must be restarted and perform the pre-operational self-test and the CASTs to recover from these errors.

Amazon Linux 2023 GnuTLS Cryptographic Module

10.4 Error States

Table 25: Error States In the Error state, the output interface is inhibited, and the module accepts no more inputs or requests (as the module is no longer running). The calling application can obtain the module state by calling the gnutls_fips140_get_operation_state() API function. A complete list of the error codes can be found in Appendix C “Error Codes and Descriptions” in the gnutls.pdf provided with the module's code.

10.5 Operator Initiation of Self-Tests

The module provides the Self-Test service to perform self-tests on demand which includes the pre-operational test (i.e., integrity test) and CASTs. The Self-Tests service can be called on demand by invoking the gnutls_fips140_run_self_tests() function which will perform integrity tests and the cryptographic algorithms self-tests. Additionally, the Self-Test service can be invoked by powering-off and reloading the module. During the execution of the on-demand self-tests, services are not available, and no data output is possible. The PCTs can be invoked on demand by requesting the Asymmetric Key Generation service. © 2025 Amazon Web Services, Inc./atsec information security.

Page 60

Amazon Linux 2023 GnuTLS Cryptographic Module

11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

Before the RPM packages are installed, the Amazon Linux 2023 system must operate in the FIPS validated configuration. To achieve this, the Crypto Officer must ensure that the crypto-policies utilities are installed and up to date by executing sudo dnf -y install crypto-policies crypto-policies-scripts. Then, the Crypto Officer must execute the sudo fips-mode-setup --enable command, then, restart the system by executing sudo reboot. The Crypto Officer must verify the Amazon Linux 2023 system operates in the FIPS validated configuration by executing the sudo fips-mode-setup --check command, which should output “FIPS mode is enabled.” Once the operating environment is booted in FIPS validated configuration, the Crypto Officer can install the Amazon packages containing the module using the Yellowdog Updater Modified (yum) with the following commands: $ sudo yum install gnutls-3.8.0-376.amzn2023.0.2 $ sudo yum install gmp-6.2.1-2.amzn2023.0.2 $ sudo yum install nettle-3.8-1.amzn2023.0.2 Note: libhogweed is provided by nettle-3.8-1.amzn2023.0.2. All the Amazon packages are associated with hashes for integrity check. The integrity of the Amazon package is automatically verified by the packing tool during the installation of the module. The Crypto Officer shall not install the package if the integrity fails.

11.2 Administrator Guidance

The Crypto Officer shall follow this Security Policy to configure the operational environment and install the module to be operated in the approved mode. The module cannot use the following environment variables:

Page 61

Amazon Linux 2023 GnuTLS Cryptographic Module

11.3 Non-Administrator Guidance

There is no non-administrator guidance.

11.6 End of Life

As the module does not persistently store SSPs, secure sanitization of the module consists of unloading the module. This will zeroize all SSPs in volatile memory. Then, if desired, the gnutls-3.8.0-376.amzn2023.0.2, gmp-6.2.1-2.amzn2023.0.2, nettle-3.8-1.amzn2023.0.2 RPM packages can be uninstalled from the Amazon Linux 2023 systems. © 2025 Amazon Web Services, Inc./atsec information security.

Page 62

Amazon Linux 2023 GnuTLS Cryptographic Module

12 Mitigation of Other Attacks

The module does not mitigate other attacks. © 2025 Amazon Web Services, Inc./atsec information security.

Page 63
Approved algorithm
NameReferenceID
TLS_DH_RSA_WITH_AES_128_CBC_SHARFC3268{ 0x00, 0x31 }
TLS_DHE_RSA_WITH_AES_128_CBC_SHARFC3268{ 0x00, 0x33 }
TLS_DH_RSA_WITH_AES_256_CBC_SHARFC3268{ 0x00, 0x37 }
TLS_DHE_RSA_WITH_AES_256_CBC_SHARFC3268{ 0x00, 0x39 }
TLS_DH_RSA_WITH_AES_128_CBC_SHA256RFC5246{ 0x00,0x3F }
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256RFC5246{ 0x00,0x67 }
TLS_DH_RSA_WITH_AES_256_CBC_SHA256RFC5246{ 0x00,0x69 }
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256RFC5246{ 0x00,0x6B }
TLS_PSK_WITH_AES_128_CBC_SHARFC4279{ 0x00, 0x8C }
TLS_PSK_WITH_AES_256_CBC_SHARFC4279{ 0x00, 0x8D }
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256RFC5288{ 0x00, 0x9E }
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384RFC5288{ 0x00, 0x9F }
TLS_DH_RSA_WITH_AES_128_GCM_SHA256RFC5288{ 0x00, 0xA0 }
TLS_DH_RSA_WITH_AES_256_GCM_SHA384RFC5288{ 0x00, 0xA1 }
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHARFC4492{ 0xC0, 0x04 }
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHARFC4492{ 0xC0, 0x05 }
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHARFC4492{ 0xC0, 0x09 }
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHARFC4492{ 0xC0, 0x0A }
TLS_ECDH_RSA_WITH_AES_128_CBC_SHARFC4492{ 0xC0, 0x0E }
TLS_ECDH_RSA_WITH_AES_256_CBC_SHARFC4492{ 0xC0, 0x0F }
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHARFC4492{ 0xC0, 0x13 }
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHARFC4492{ 0xC0, 0x14 }
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256RFC5289{ 0xC0, 0x23 }
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384RFC5289{ 0xC0, 0x24 }
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256RFC5289{ 0xC0, 0x25 }
TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384RFC5289{ 0xC0, 0x26 }
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256RFC5289{ 0xC0, 0x27 }
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384RFC5289{ 0xC0, 0x28 }
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256RFC5289{ 0xC0, 0x29 }
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384RFC5289{ 0xC0, 0x2A }
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256RFC5289{ 0xC0, 0x2B }
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384RFC5289{ 0xC0, 0x2C }
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256RFC5289{ 0xC0, 0x2D }
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384RFC5289{ 0xC0, 0x2E }
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256RFC5289{ 0xC0, 0x2F }
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384RFC5289{ 0xC0, 0x30 }
TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256RFC5289{ 0xC0, 0x31 }
TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384RFC5289{ 0xC0, 0x32 }
TLS_DHE_RSA_WITH_AES_128_CCMRFC6655{ 0xC0, 0x9E }
TLS_DHE_RSA_WITH_AES_256_CCMRFC6655{ 0xC0, 0x9F }
TLS_DHE_RSA_WITH_AES_128_CCM_8RFC6655{ 0xC0, 0xA2 }
TLS_DHE_RSA_WITH_AES_256_CCM_8RFC6655{ 0xC0, 0xA3 }
TLS_AES_128_GCM_SHA256RFC8446{ 0x13, 0x01 }
TLS_AES_256_GCM_SHA384RFC8446{ 0x13, 0x02 }
TLS_AES_128_CCM_SHA256RFC8446{ 0x13, 0x04 }
TLS_AES_128_CCM_8_SHA256RFC8446{ 0x13, 0x05 }

Amazon Linux 2023 GnuTLS Cryptographic Module Appendix A. TLS Cipher Suites The module supports the following cipher suites for the TLS protocol version 1.0, 1.1, 1.2 and 1.3, compliant with section 3.3.1 of [SP800-52rev2]. Each cipher suite defines the key exchange algorithm, the bulk encryption algorithm (including the symmetric key size) and the MAC algorithm. © 2025 Amazon Web Services, Inc./atsec information security.

Page 64

Amazon Linux 2023 GnuTLS Cryptographic Module © 2025 Amazon Web Services, Inc./atsec information security.

Page 65

Amazon Linux 2023 GnuTLS Cryptographic Module Appendix B. Glossary and Abbreviations AES Advanced Encryption Standard AES-NI Advanced Encryption Standard New Instructions CAVP Cryptographic Algorithm Validation Program CBC Cipher Block Chaining CCM Counter with Cipher Block Chaining-Message Authentication Code CFB Cipher Feedback CKG Cryptographic Key Generation CMAC Cipher-based Message Authentication Code CMVP Cryptographic Module Validation Program CSP Critical Security Parameter CTR Counter Mode DES Data Encryption Standard DF Derivation Function DRBG Deterministic Random Bit Generator ECB Electronic Code Book ECC Elliptic Curve Cryptography FFC Finite Field Cryptography FIPS Federal Information Processing Standards Publication GCM Galois Counter Mode GMAC Galois Counter Mode Message Authentication Code HMAC Hash Message Authentication Code KAS Key Agreement Scheme KAT Known Answer Test MAC Message Authentication Code NIST National Institute of Science and Technology OFB Output Feedback PAA Processor Algorithm Acceleration PAI Processor Algorithm Implementation PBKDF2 Password-based Key Derivation Function v2 PKCS Public-Key Cryptography Standards © 2025 Amazon Web Services, Inc./atsec information security.

Page 66

Amazon Linux 2023 GnuTLS Cryptographic Module PCT Pairwise Consistency Test PR Prediction Resistance RNG Random Number Generator RSA Rivest, Shamir, Adleman SHA Secure Hash Algorithm SHS Secure Hash Standard © 2025 Amazon Web Services, Inc./atsec information security.

Page 67

Amazon Linux 2023 GnuTLS Cryptographic Module Appendix C. References FIPS140-3 FIPS PUB 140-3 - Security Requirements For Cryptographic Modules March 2019 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf FIPS140-3_IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program January 2024 https://csrc.nist.gov/csrc/media/Projects/cryptographic-module-validationprogram/documents/fips%20140-3/FIPS%20140-3%20IG.pdf FIPS180-4 Secure Hash Standard (SHS) August 2015 http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS186-4 Digital Signature Standard (DSS) July 2013 http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf FIPS186-5 Digital Signature Standard (DSS) February 2023 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf FIPS197 Advanced Encryption Standard November 2001 http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 http://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf FIPS202 SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions August 2015 http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf PKCS#1 Public Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1 February 2003 http://www.ietf.org/rfc/rfc3447.txt SP800-38A NIST Special Publication 800-38A - Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf © 2025 Amazon Web Services, Inc./atsec information security.

Page 68

Amazon Linux 2023 GnuTLS Cryptographic Module SP800-38B NIST Special Publication 800-38B - Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 http://csrc.nist.gov/publications/nistpubs/800-38B/SP_800-38b.pdf SP800-38C NIST Special Publication 800-38C - Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality May 2004 http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38c.pdf SP800-38D NIST Special Publication 800-38D - Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 http://csrc.nist.gov/publications/nistpubs/800-38D/SP-800-38d.pdf SP800-38E NIST Special Publication 800-38E - Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 http://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf SP800-52r2 NIST Special Publication 800-52 Revision 2 - Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations August 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf SP800-56Ar3 NIST Special Publication 800-56A Revision 3 - Recommendation for Pair Wise Key Establishment Schemes Using Discrete Logarithm Cryptography April 2018 https://doi.org/10.6028/NIST.SP.800-56Ar3 SP800-56Cr2 Recommendation for Key Derivation through Extraction-then-Expansion August 2020 https://doi.org/10.6028/NIST.SP.800-56Cr2 SP800-57r5 NIST Special Publication 800-57 Part 1 Revision 5 - Recommendation for Key Management Part 1: General May 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-57pt1r5.pdf SP800-90Ar1 NIST Special Publication 800-90A - Revision 1 - Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 http://dx.doi.org/10.6028/NIST.SP.800-90Ar1 © 2025 Amazon Web Services, Inc./atsec information security.

Page 69

Amazon Linux 2023 GnuTLS Cryptographic Module SP800-90B NIST Special Publication 800-90B - Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://doi.org/10.6028/NIST.SP.800-90B SP800-131Ar2 NIST Special Publication 800-131 Revision 2 - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths March 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf SP800-132 NIST Special Publication 800-132 - Recommendation for Password-Based Key Derivation - Part 1: Storage Applications December 2010 http://csrc.nist.gov/publications/nistpubs/800-132/nist-sp800-132.pdf SP800-133r2 NIST Special Publication 800-133 - Recommendation for Cryptographic Key Generation June 2020 https://doi.org/10.6028/NIST.SP.800-133r2 SP800-135r1 NIST Special Publication 800-135 Revision 1 - Recommendation for Existing Application-Specific Key Derivation Functions December 2011 http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-135r1.pdf SP800-140B NIST Special Publication 800-140B - CMVP Security Policy Requirements March 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-140B.pdf © 2025 Amazon Web Services, Inc./atsec information security.

Referenced URLs