All modules
CMVP Validated Module · FIPS 140-3 Security Policy

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module

Certificate#5096StandardFIPS 140-3Level1TypeSoftwareEmbodimentMulti-Chip Stand AloneStatusActiveVendorSUSE LLC
Medium review priority  ·  exposes network crypto parser/protocol  ·  OpenSSL upstream has published 38 CVEs since this module's initial validation  ·  last validated 4 months ago. How this is derived →

Certificate

StandardFIPS 140-3
Overall level1
Module typeSoftware
EmbodimentMulti-Chip Stand Alone
StatusActive
Sunset date11/25/2030
CaveatWhen operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs.
VendorSUSE LLC

Approved Algorithms (67)

AlgorithmACVP Cert
AES-CBCA5398
AES-CBC-CS1A5398
AES-CBC-CS2A5398
AES-CBC-CS3A5398
AES-CCMA5398
AES-CFB1A5398
AES-CFB128A5398
AES-CFB8A5398
AES-CMACA5398
AES-CTRA5398
AES-ECBA5398
AES-GCMA5870
AES-GMACA5870
AES-KWA5398
AES-KWPA5398
AES-OFBA5398
AES-XTS Testing Revision 2.0A5398
Counter DRBGA5397
ECDSA KeyGen (FIPS186-5)A5868
ECDSA KeyVer (FIPS186-5)A5868
ECDSA SigGen (FIPS186-5)A5868
ECDSA SigVer (FIPS186-5)A5868
Hash DRBGA5397
HMAC DRBGA5397
HMAC-SHA-1A5868
HMAC-SHA2- 224A5868
HMAC-SHA2- 256A5864
HMAC-SHA2- 384A5868
HMAC-SHA2- 512A5868
HMAC-SHA2- 512/224A5868
HMAC-SHA2- 512/256A5868
HMAC-SHA3- 224A5869
HMAC-SHA3- 256A5869
HMAC-SHA3- 384A5869
HMAC-SHA3- 512A5869
KAS-ECC-SSC Sp800-56Ar3A5868
KAS-FFC-SSC Sp800-56Ar3A5898
KAS-IFC-SSCA5868
KDA HKDF SP800-56Cr2A5863
KDA OneStep SP800-56Cr2A5897
KDA TwoStep SP800-56Cr2A5897
KDF ANS 9.42 (CVL)A5868
KDF ANS 9.63 (CVL)A5868
KDF SP800- 108A5899
KDF SSH (CVL)A5884
KTS-IFCA5868
PBKDFA5868
RSA KeyGen (FIPS186-5)A5868
RSA SigGen (FIPS186-5)A5868
RSA SigVer (FIPS186-2)A5868
RSA SigVer (FIPS186-4)A5868
RSA SigVer (FIPS186-5)A5868
SHA-1A5868
SHA2-224A5868
SHA2-256A5864
SHA2-384A5868
SHA2-512A5868
SHA2-512/224A5868
SHA2-512/256A5868
SHA3-224A5869
SHA3-256A5869
SHA3-384A5869
SHA3-512A5869
SHAKE-128A5869
SHAKE-256A5869
TLS v1.2 KDF RFC7627 (CVL)A5868
TLS v1.3 KDF (CVL)A5863

Security Levels (Table 1)

Requirement areaLevel
Cryptographic Module Specification2
Cryptographic Module Interfaces3
Roles, Services, and Authentication4
Software/Firmware Security5
Operational Environment6
Self-Tests1
Life-Cycle Assurance1
Mitigation of Other Attacks1

Derived Review-Risk Graph (review prompts, not findings)

flowchart LR
  %% Deterministic review-risk graph for SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
  %% Review prompts and evidence gaps, NOT vulnerability findings.
  subgraph CMVP["CMVP-disclosed clues"]
    C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update<br/>Recovery</i>"]
    C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Symmetric Encryption with AES<br/>Symmetric Decryption with AES<br/>Show status</i>"]
    C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
    C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
  end
  subgraph Inference["Derived inference"]
    I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
    I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
    I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
    I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
  end
  subgraph Risk["Reviewer question"]
    R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
    R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
    R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
    R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
  end
  subgraph Evidence["Evidence needed to close"]
    E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
    E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
    E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
    E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
  end
  C2 --> I2 --> R2 --> E2
  C3 --> I3 --> R3 --> E3
  C5 --> I5 --> R5 --> E5
  C6 --> I6 --> R6 --> E6
  classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
  classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
  classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
  class C2,C3,C5,C6 clue;
  class I2,I3,I5,I6 infer;
  class R2,R3,R5,R6 risk;
  class E2,E3,E5,E6 evidence;
Underlying clues
flowchart LR
  %% Deterministic clue tier for SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
  %% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
  subgraph CMVP["CMVP-disclosed clues (deterministic)"]
    C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update<br/>Recovery</i><br/>src: text:keyword"]
    C3["[high] Unauthenticated / self-test / status service surface<br/><i>Symmetric Encryption with AES<br/>Symmetric Decryption with AES<br/>Show status</i><br/>src: securityPolicy.services"]
    C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
    C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
  end
  classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
  classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
  classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
  class C2,C5,C6 clueLow;
  class C3 clueHigh;

Security Policy, page by page

Page 1

SUSE LLC SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Prepared by: atsec information security corporation

4516 Seton Center Pkwy, Suite 250

Austin, TX 78759 www.atsec.com Document version: 1.2 Last update: 15-12-2025 © 2025 SUSE, LLC/atsec information security corporation.

Page 2

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Table of Contents 1.1.1 © 2025 SUSE, LLC/atsec information security corporation.

Page 3

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 4

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module List of Tables Table 3: Tested Module Identification

Page 5

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module List of Figures © 2025 SUSE, LLC/atsec information security corporation.

Page 6
Security level
NameISO SectionRequirementLevel
11General1
22Cryptographic module specification1
33Cryptographic module interfaces1
44Roles, services, and authentication1
55Software/Firmware security1
66Operational environment1
77Physical securityN/A
88Non-invasive securityN/A
99Sensitive security parameter management1
1010Self-tests1
1111Life-cycle assurance1
1212Mitigation of other attacks1
Overall LevelOverall Level1

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module

1.1 Overview

This document is the non-proprietary FIPS 140-3 Security Policy for version 1.0 of the SUSE Linux Enterprise OpenSSL 3 Cryptographic Module. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for intact and including this notice. Other documentation is proprietary to their authors.

1.1.1 How this Security Policy was prepared

In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing.

1.2 Security Levels

N/A N/A © 2025 SUSE, LLC/atsec information security corporation.

Page 7

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Table 1: Security Levels © 2025 SUSE, LLC/atsec information security corporation.

Page 8

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module

2 Cryptographic Module Specification
2.1 Description

Purpose and Use: The SUSE Linux Enterprise OpenSSL 3 Cryptographic Module (hereafter referred to as “the module”) is defined as a software module in a multi-chip standalone embodiment. It provides a C language application program interface (API) for use by other applications that require cryptographic functionality. The module is a software library supporting FIPS 140-3 approved algorithms developed by SUSE LLC for its use by other applications that require cryptographic functionality and consists of one software component, the “FIPS provider”, which implements the FIPS requirements and the cryptographic functionality provided to the operator. Module Type: Software Module Embodiment: Multi-Chip Standalone Cryptographic Boundary: The cryptographic boundary of the module is defined as the fips.so shared library, which contains the compiled code implementing the FIPS provider. Tested Operational Environment’s Physical Perimeter (TOEPP): The TOEPP of the module is defined as the general-purpose computer on which the module is installed. Figure 1 shows a block diagram that represents the design of the module when the module is operational and providing services to other user space applications. In this diagram, the physical perimeter of the operational environment (a general-purpose computer on which the module is installed) is indicated by a purple dashed line. The cryptographic boundary is represented by the components painted in orange blocks, which consists only of the shared library implementing the FIPS provider (fips.so). The “Data/Control Input” and “Data/Status Output” arrows indicate the flow of data between the cryptographic module and its operator application, through the logical interfaces defined in Section 3 Cryptographic Module Interfaces. Components in white are only included in the diagram for informational purposes. They are not included in the cryptographic boundary (and therefore not part of the module’s validation). For example, the kernel is responsible for managing system calls issued by the module itself, as well as other applications using the module for cryptographic services. © 2025 SUSE, LLC/atsec information security corporation.

Page 9
Module configuration
NameOperating SystemHardware PlatformFirmware VersionSoftware VersionProcessorPaa PaiHypervisorFeaturesPackageIntegrity Test
fips.so on SUSE Linux Enterprise Server 15 SP6 and AMD EPYC™ 73431.0N/Afips.so on SUSE Linux Enterprise Server 15 SP6 and AMD EPYC™ 7343HMAC-SHA2-256
fips.so on SUSE Linux Enterprise Server 15 SP6 and Intel® Xeon® Gold 5416S1.0N/Afips.so on SUSE Linux Enterprise Server 15 SP6 and Intel® Xeon® Gold 5416SHMAC-SHA2-256
fips.so on SUSE Linux Enterprise Server 15 SP6 and IBM® Telum™1.0N/Afips.so on SUSE Linux Enterprise Server 15 SP6 and IBM® Telum™HMAC-SHA2-256
fips.so on SUSE Linux Enterprise Server 15 SP6 and Ampere® Altra® Q80-301.0N/Afips.so on SUSE Linux Enterprise Server 15 SP6 and Ampere® Altra® Q80-30HMAC-SHA2-256
SUSE Linux Enterprise Server 15 SP6SUSE Linux Enterprise Server 15 SP6SuperMicro SuperChassis 825BTQC- R1K23LPB and Motherboard H12DSi-NT61.0AMD EPYC™ 7343YesN/A
SUSE Linux Enterprise Server 15 SP6SUSE Linux Enterprise Server 15 SP6SuperMicro SuperChassis 825BTQC- R1K23LPB and Motherboard H12DSi-NT61.0AMD EPYC™ 7343NoN/A
SUSE Linux Enterprise Server 15 SP6SUSE Linux Enterprise Server 15 SP6GIGABYTE R152- P301.0Ampere® Altra® Q80- 30YesN/A
SUSE Linux Enterprise Server 15 SP6SUSE Linux Enterprise Server 15 SP6GIGABYTE R152- P301.0Ampere® Altra® Q80- 30NoN/A
SUSE Linux Enterprise Server 15 SP6SUSE Linux Enterprise Server 15 SP6IBM z16 A011.0IBM® Telum™YesN/A
SUSE Linux EnterpriseSUSE Linux EnterpriseIBM z16 A011.0IBM® Telum™NoN/A

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Figure 1: Block Diagram

2.2 Tested and Vendor Affirmed Module Version and

Identification Tested Module Identification

Page 10
Module configuration
NameOperating SystemHardware PlatformFirmware VersionSoftware VersionProcessorPaa PaiHypervisorFeaturesPackageIntegrity Test
fips.so on SUSE Linux Enterprise Server 15 SP6 and Ampere® Altra® Q80-301.0N/Afips.so on SUSE Linux Enterprise Server 15 SP6 and Ampere® Altra® Q80-30HMAC-SHA2-256
SUSE Linux Enterprise Server 15 SP6SUSE Linux Enterprise Server 15 SP6SuperMicro SuperChassis 825BTQC- R1K23LPB and Motherboard H12DSi-NT61.0AMD EPYC™ 7343YesN/A
SUSE Linux Enterprise Server 15 SP6SUSE Linux Enterprise Server 15 SP6SuperMicro SuperChassis 825BTQC- R1K23LPB and Motherboard H12DSi-NT61.0AMD EPYC™ 7343NoN/A
SUSE Linux Enterprise Server 15 SP6SUSE Linux Enterprise Server 15 SP6GIGABYTE R152- P301.0Ampere® Altra® Q80- 30YesN/A
SUSE Linux Enterprise Server 15 SP6SUSE Linux Enterprise Server 15 SP6GIGABYTE R152- P301.0Ampere® Altra® Q80- 30NoN/A
SUSE Linux Enterprise Server 15 SP6SUSE Linux Enterprise Server 15 SP6IBM z16 A011.0IBM® Telum™YesN/A
SUSE Linux EnterpriseSUSE Linux EnterpriseIBM z16 A011.0IBM® Telum™NoN/A
SUSE Linux Enterprise Server 15 SP6SUSE Linux Enterprise Server 15 SP6ASUS RS700-E11- RS4U1.0Intel® Xeon® Gold 5416SYesN/A
SUSE Linux Enterprise Server 15 SP6SUSE Linux Enterprise Server 15 SP6ASUS RS700-E11- RS4U1.0Intel® Xeon® Gold 5416SNoN/A
SUSE Linux Enterprise Server for SAP 15SP6SUSE Linux Enterprise Server for SAP 15SP6ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S
SUSE Linux Enterprise Desktop 15SP6SUSE Linux Enterprise Desktop 15SP6ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S
SUSE Linux Enterprise Base Container Image 15SP6SUSE Linux Enterprise Base Container Image 15SP6ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S
SUSE Linux Enterprise Server for SAP 15SP6SUSE Linux Enterprise Server for SAP 15SP6SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343
SUSE Linux Enterprise Desktop 15SP6SUSE Linux Enterprise Desktop 15SP6SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343
SUSE Linux Enterprise Base Container Image 15SP6SUSE Linux Enterprise Base Container Image 15SP6SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343
SUSE Linux Enterprise Server for SAP 15SP6SUSE Linux Enterprise Server for SAP 15SP6IBM z16 A01 on IBM® Telum™
SUSE Linux Enterprise Base Container Image 15SP6SUSE Linux Enterprise Base Container Image 15SP6IBM z16 A01 on IBM® Telum™
SUSE Linux Enterprise Server 15SP6SUSE Linux Enterprise Server 15SP6IBM LinuxONE III Model LT1 QEMU VM on z15
SUSE Linux Enterprise Base Container Image 15SP6SUSE Linux Enterprise Base Container Image 15SP6IBM LinuxONE III Model LT1 QEMU VM on z15

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module 1.0 N/A Table 2: Tested Module Identification

Page 11
Module configuration
NameOperating SystemHardware PlatformSoftware VersionProcessorPaa PaiHypervisor
SUSE Linux Enterprise Server 15 SP6SUSE Linux Enterprise Server 15 SP6ASUS RS700-E11- RS4U1.0Intel® Xeon® Gold 5416SYesN/A
SUSE Linux Enterprise Server 15 SP6SUSE Linux Enterprise Server 15 SP6ASUS RS700-E11- RS4U1.0Intel® Xeon® Gold 5416SNoN/A
SUSE Linux Enterprise Server for SAP 15SP6SUSE Linux Enterprise Server for SAP 15SP6ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S
SUSE Linux Enterprise Desktop 15SP6SUSE Linux Enterprise Desktop 15SP6ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S
SUSE Linux Enterprise Base Container Image 15SP6SUSE Linux Enterprise Base Container Image 15SP6ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S
SUSE Linux Enterprise Server for SAP 15SP6SUSE Linux Enterprise Server for SAP 15SP6SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343
SUSE Linux Enterprise Desktop 15SP6SUSE Linux Enterprise Desktop 15SP6SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343
SUSE Linux Enterprise Base Container Image 15SP6SUSE Linux Enterprise Base Container Image 15SP6SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343
SUSE Linux Enterprise Server for SAP 15SP6SUSE Linux Enterprise Server for SAP 15SP6IBM z16 A01 on IBM® Telum™
SUSE Linux Enterprise Base Container Image 15SP6SUSE Linux Enterprise Base Container Image 15SP6IBM z16 A01 on IBM® Telum™
SUSE Linux Enterprise Server 15SP6SUSE Linux Enterprise Server 15SP6IBM LinuxONE III Model LT1 QEMU VM on z15
SUSE Linux Enterprise Base Container Image 15SP6SUSE Linux Enterprise Base Container Image 15SP6IBM LinuxONE III Model LT1 QEMU VM on z15
SUSE Linux Enterprise Server Real Time 15SP6SUSE Linux Enterprise Server Real Time 15SP6QEMU VM on AMD EPYC™ 7773X
SUSE Linux Enterprise Server for SAP 15SP6SUSE Linux Enterprise Server for SAP 15SP6QEMU VM on AMD EPYC™ 7773X
SUSE Linux Enterprise Base Container Image 15SP6SUSE Linux Enterprise Base Container Image 15SP6QEMU VM on AMD EPYC™ 7773X
SUSE Linux Enterprise Server 15SP6SUSE Linux Enterprise Server 15SP6QEMU VM on AMD EPYC™ 7773X
SUSE Linux Enterprise Desktop 15SP6SUSE Linux Enterprise Desktop 15SP6QEMU VM on Intel® i7-1195G7
SUSE Linux Enterprise Base Container Image 15SP6SUSE Linux Enterprise Base Container Image 15SP6GIGABYTE R152-P30 on Ampere® Altra® Q80-30
SUSE Linux Enterprise Server for SAP 15SP6SUSE Linux Enterprise Server for SAP 15SP6QEMU VM on Ampere® Altra® Q80-30
SUSE Linux Enterprise Base Container Image 15SP6SUSE Linux Enterprise Base Container Image 15SP6QEMU VM on Ampere® Altra® Q80-30
SUSE Linux Enterprise Server 15SP6SUSE Linux Enterprise Server 15SP6QEMU VM on Ampere® Altra® Q80-30
SUSE Linux Enterprise Server 15SP6SUSE Linux Enterprise Server 15SP6QEMU VM on Intel® Xeon® Gold 6338
SUSE Linux Enterprise Server for SAP 15SP6SUSE Linux Enterprise Server for SAP 15SP6QEMU VM on Intel® Xeon® Gold 5218R
SUSE Linux Enterprise Server for SAP 15SP7SUSE Linux Enterprise Server for SAP 15SP7ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S
SUSE Linux Enterprise Server for SAP 15SP7SUSE Linux Enterprise Server for SAP 15SP7SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343
SUSE Linux Enterprise Desktop 15SP7SUSE Linux Enterprise Desktop 15SP7ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S
SUSE Linux Enterprise Desktop 15SP7SUSE Linux Enterprise Desktop 15SP7SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343
SUSE Linux Enterprise Base Container Image 15SP7SUSE Linux Enterprise Base Container Image 15SP7ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S
SUSE Linux Enterprise Base Container Image 15SP7SUSE Linux Enterprise Base Container Image 15SP7SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343
SUSE Linux Enterprise Base Container Image 15SP7SUSE Linux Enterprise Base Container Image 15SP7GIGABYTE R152-P30 on Ampere® Altra® Q80-30
SUSE Linux Enterprise Base Container Image 15SP7SUSE Linux Enterprise Base Container Image 15SP7IBM z16 A01 on IBM® Telum™
SUSE Linux Enterprise Base Container Image 15SP7SUSE Linux Enterprise Base Container Image 15SP7IBM LinuxONE III Model LT1 on z15
SUSE Linux Enterprise Server 15SP7SUSE Linux Enterprise Server 15SP7IBM LinuxONE III Model LT1 on z15
SUSE Linux Enterprise Server 15SP7SUSE Linux Enterprise Server 15SP7IBM z16 A01 on IBM® Telum™
SUSE Linux Enterprise Server 15SP7SUSE Linux Enterprise Server 15SP7ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S
SUSE Linux Enterprise Server 15SP7SUSE Linux Enterprise Server 15SP7SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343
SUSE Linux Enterprise Server 15SP7SUSE Linux Enterprise Server 15SP7GIGABYTE R152-P30 on Ampere® Altra® Q80-30

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module N/A 1.0 N/A 1.0 Table 3: Tested Operational Environments - Software, Firmware, Hybrid Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid: © 2025 SUSE, LLC/atsec information security corporation.

Page 12

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 13

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Table 4: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid The module is considered to maintain compliance with the FIPS 140-3 validation for SUSE products when operating on any general-purpose platform/processor that supports the SUSE Linux Enterprise Server operating system per the vendor affirmation from SUSE based on the allowance FIPS 140-3 management manual [FIPS140-3_MM] section 7.9.1 bullet 1 a i). CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when so ported if the specific operational environment is not listed on the validation certificate.

2.3 Excluded Components

There are no components excluded from the requirements of the FIPS 140-3 standard.

2.4 Modes of Operation

Modes List and Description: © 2025 SUSE, LLC/atsec information security corporation.

Page 14
Service
NameDescriptionIndicatorType
Non- approved modeAutomatically entered whenever a non-approved service is requestedEquivalent to the indicator of the requested serviceNon- Approved
Approved algorithm
NameCAVP CertPropertiesReference
AES-CBCA5398Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBCA5399Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBCA5400Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBCA5401Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBCA5402Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBCA5403Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBCA5658Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS1A5398Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS1A5399Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS1A5400Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS1A5401Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS1A5402Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS1A5403Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS1A5658Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS2A5398Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS2A5399Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS2A5400Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS2A5401Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS2A5402Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS2A5403Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS2A5658Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS3A5398Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS3A5399Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS3A5400Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS3A5401Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS3A5402Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS3A5403Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CBC-CS3A5658Direction - decrypt, encrypt Key Length - 128, 192, 256SP 800-38A
AES-CCMA5398Key Length - 128, 192, 256SP 800-38C
AES-CCMA5399Key Length - 128, 192, 256SP 800-38C
AES-CCMA5400Key Length - 128, 192, 256SP 800-38C
AES-CCMA5401Key Length - 128, 192, 256SP 800-38C
AES-CCMA5402Key Length - 128, 192, 256SP 800-38C
AES-CCMA5403Key Length - 128, 192, 256SP 800-38C
AES-CCMA5658Key Length - 128, 192, 256SP 800-38C
AES-CFB1A5398Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB1A5399Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB1A5400Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB1A5401Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB1A5402Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB1A5403Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB1A5658Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB128A5398Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB128A5399Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB128A5400Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB128A5401Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB128A5402Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB128A5403Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB128A5658Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB8A5398Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB8A5399Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB8A5400Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB8A5401Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB8A5402Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB8A5403Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CFB8A5658Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CMACA5398Capabilities - Direction - Generation, Verification Key Length - 128, 192, 256SP 800-38B
AES-CMACA5399Capabilities - Direction - Generation, Verification Key Length - 128, 192, 256SP 800-38B
AES-CMACA5400Capabilities - Direction - Generation, Verification Key Length - 128, 192, 256SP 800-38B
AES-CMACA5401Capabilities - Direction - Generation, Verification Key Length - 128, 192, 256SP 800-38B
AES-CMACA5402Capabilities - Direction - Generation, Verification Key Length - 128, 192, 256SP 800-38B
AES-CMACA5403Capabilities - Direction - Generation, Verification Key Length - 128, 192, 256SP 800-38B
AES-CMACA5658Capabilities - Direction - Generation, Verification Key Length - 128, 192, 256SP 800-38B
AES-CTRA5398Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CTRA5399Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CTRA5400Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CTRA5401Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CTRA5402Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CTRA5403Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-CTRA5658Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5398Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5399Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5400Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5401Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5402Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5403Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5658Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5884Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5893Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5894Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5895Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5896Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-ECBA5900Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-GCMA5870Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2SP 800-38D
AES-GCMA5871Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2SP 800-38D
AES-GCMA5872Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2SP 800-38D
AES-GCMA5873Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2SP 800-38D
AES-GCMA5874Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2SP 800-38D
AES-GCMA5875Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2SP 800-38D
AES-GCMA5880Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2SP 800-38D
AES-GCMA5881Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2SP 800-38D
AES-GCMA5882Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2SP 800-38D
AES-GCMA5886Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2SP 800-38D
AES-GCMA5887Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2SP 800-38D
AES-GCMA5888Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2SP 800-38D
AES-GCMA5903Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2SP 800-38D
AES-GCMA5904Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2SP 800-38D
AES-GCMA5905Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2SP 800-38D
AES-GMACA5870Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256SP 800-38D
AES-GMACA5871Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256SP 800-38D
AES-GMACA5872Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256SP 800-38D
AES-GMACA5873Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256SP 800-38D
AES-GMACA5874Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256SP 800-38D
AES-GMACA5875Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256SP 800-38D
AES-GMACA5880Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256SP 800-38D
AES-GMACA5881Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256SP 800-38D
AES-GMACA5882Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256SP 800-38D
AES-GMACA5886Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256SP 800-38D
AES-GMACA5887Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256SP 800-38D
AES-GMACA5888Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256SP 800-38D
AES-GMACA5903Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256SP 800-38D
AES-GMACA5904Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256SP 800-38D
AES-GMACA5905Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256SP 800-38D
AES-KWA5398Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38F
AES-KWA5399Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38F
AES-KWA5400Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38F
AES-KWA5401Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38F
AES-KWA5402Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38F
AES-KWA5403Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38F
AES-KWA5658Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38F
AES-KWPA5398Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38F
AES-KWPA5399Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38F
AES-KWPA5400Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38F
AES-KWPA5401Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38F
AES-KWPA5402Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38F
AES-KWPA5403Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38F
AES-KWPA5658Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38F
AES-OFBA5398Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-OFBA5399Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-OFBA5400Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-OFBA5401Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-OFBA5402Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-OFBA5403Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-OFBA5658Direction - Decrypt, Encrypt Key Length - 128, 192, 256SP 800-38A
AES-XTS Testing Revision 2.0A5398Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38E
AES-XTS Testing Revision 2.0A5399Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38E
AES-XTS Testing Revision 2.0A5400Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38E
AES-XTS Testing Revision 2.0A5401Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38E
AES-XTS Testing Revision 2.0A5402Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38E
AES-XTS Testing Revision 2.0A5403Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38E
AES-XTS Testing Revision 2.0A5658Direction - Decrypt, Encrypt Key Length - 128, 256SP 800-38E
Counter DRBGA5397Prediction Resistance - No, Yes Capabilities - Mode - AES-128 Derivation Function Enabled - YesSP 800-90A Rev. 1
ECDSA KeyGen (FIPS186-5)A5868Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidatesFIPS 186-5
ECDSA KeyGen (FIPS186-5)A5876Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidatesFIPS 186-5
ECDSA KeyGen (FIPS186-5)A5877Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidatesFIPS 186-5
ECDSA KeyGen (FIPS186-5)A5878Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidatesFIPS 186-5
ECDSA KeyGen (FIPS186-5)A5879Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidatesFIPS 186-5
ECDSA KeyGen (FIPS186-5)A5883Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidatesFIPS 186-5
ECDSA KeyGen (FIPS186-5)A5889Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidatesFIPS 186-5
ECDSA KeyVer (FIPS186-5)A5868Curve - P-224, P-256, P-384, P-521FIPS 186-5
ECDSA KeyVer (FIPS186-5)A5876Curve - P-224, P-256, P-384, P-521FIPS 186-5
ECDSA KeyVer (FIPS186-5)A5877Curve - P-224, P-256, P-384, P-521FIPS 186-5
ECDSA KeyVer (FIPS186-5)A5878Curve - P-224, P-256, P-384, P-521FIPS 186-5
ECDSA KeyVer (FIPS186-5)A5879Curve - P-224, P-256, P-384, P-521FIPS 186-5
ECDSA KeyVer (FIPS186-5)A5883Curve - P-224, P-256, P-384, P-521FIPS 186-5
ECDSA KeyVer (FIPS186-5)A5889Curve - P-224, P-256, P-384, P-521FIPS 186-5
ECDSA SigGen (FIPS186-5)A5868Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Component - No, YesFIPS 186-5
ECDSA SigGen (FIPS186-5)A5869Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA3-224, SHA3-256, SHA3- 384, SHA3-512 Component - No, YesFIPS 186-5
ECDSA SigGen (FIPS186-5)A5876Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Component - No, YesFIPS 186-5
ECDSA SigGen (FIPS186-5)A5877Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Component - No, YesFIPS 186-5
ECDSA SigGen (FIPS186-5)A5878Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Component - No, YesFIPS 186-5
ECDSA SigGen (FIPS186-5)A5879Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Component - No, YesFIPS 186-5
ECDSA SigGen (FIPS186-5)A5883Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Component - No, YesFIPS 186-5
ECDSA SigGen (FIPS186-5)A5885Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA3-224, SHA3-256, SHA3- 384, SHA3-512 Component - No, YesFIPS 186-5
ECDSA SigGen (FIPS186-5)A5889Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Component - No, YesFIPS 186-5
ECDSA SigVer (FIPS186-5)A5868Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256FIPS 186-5
ECDSA SigVer (FIPS186-5)A5869Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA3-224, SHA3-256, SHA3- 384, SHA3-512FIPS 186-5
ECDSA SigVer (FIPS186-5)A5876Capabilities - Curve - P-224, P-256, P-384, P-521FIPS 186-5
ECDSA SigVer (FIPS186-5)A5877Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256FIPS 186-5
ECDSA SigVer (FIPS186-5)A5878Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256FIPS 186-5
ECDSA SigVer (FIPS186-5)A5879Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256FIPS 186-5
ECDSA SigVer (FIPS186-5)A5883Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256FIPS 186-5
ECDSA SigVer (FIPS186-5)A5885Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA3-224, SHA3-256, SHA3- 384, SHA3-512FIPS 186-5
ECDSA SigVer (FIPS186-5)A5889Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256FIPS 186-5
Hash DRBGA5397Prediction Resistance - No, Yes Capabilities - Mode - SHA-1SP 800-90A Rev. 1
HMAC DRBGA5397Prediction Resistance - No, Yes Capabilities - Mode - SHA-1SP 800-90A Rev. 1
HMAC-SHA-1A5868Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA-1A5876Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA-1A5877Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA-1A5878Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA-1A5879Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA-1A5883Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA-1A5889Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 224A5868Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 224A5876Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 224A5877Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 224A5878Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 224A5879Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 224A5883Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 224A5889Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 256A5864Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 256A5868Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 256A5876Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 256A5877Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 256A5878Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 256A5879Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 256A5883Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 256A5889Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 384A5868Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 384A5876Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 384A5877Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 384A5878Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 384A5879Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 384A5883Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 384A5889Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512A5868Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512A5876Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512A5877Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512A5878Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512A5879Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512A5883Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512A5889Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/224A5868Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/224A5876Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/224A5877Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/224A5878Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/224A5879Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/224A5883Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/224A5889Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/256A5868Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/256A5876Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/256A5877Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/256A5878Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/256A5879Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/256A5883Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA2- 512/256A5889Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 224A5869Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 224A5885Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 256A5869Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 256A5885Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 384A5869Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 384A5885Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 512A5869Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
HMAC-SHA3- 512A5885Key Length - Key Length: 112-524288 Increment 8FIPS 198-1
KAS-ECC-SSC Sp800-56Ar3A5868Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responderSP 800-56A Rev. 3
KAS-ECC-SSC Sp800-56Ar3A5876Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responderSP 800-56A Rev. 3
KAS-ECC-SSC Sp800-56Ar3A5877Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responderSP 800-56A Rev. 3
KAS-ECC-SSC Sp800-56Ar3A5878Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responderSP 800-56A Rev. 3
KAS-ECC-SSC Sp800-56Ar3A5879Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme -SP 800-56A Rev. 3
KAS-ECC-SSC Sp800-56Ar3A5883Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responderSP 800-56A Rev. 3
KAS-ECC-SSC Sp800-56Ar3A5889Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responderSP 800-56A Rev. 3
KAS-FFC-SSC Sp800-56Ar3A5898Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP- 4096, MODP-6144, MODP-8192 Scheme - dhEphem - KAS Role - initiator, responderSP 800-56A Rev. 3
KAS-IFC-SSCA5868Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responderSP 800-56A Rev. 3
KAS-IFC-SSCA5876Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responderSP 800-56A Rev. 3
KAS-IFC-SSCA5877Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responderSP 800-56A Rev. 3
KAS-IFC-SSCA5878Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responderSP 800-56A Rev. 3
KAS-IFC-SSCA5879Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responderSP 800-56A Rev. 3
KAS-IFC-SSCA5883Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responderSP 800-56A Rev. 3
KAS-IFC-SSCA5889Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responderSP 800-56A Rev. 3
KDA HKDF SP800-56Cr2A5863Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3-384, SHA3- 512SP 800-56C Rev. 2
KDA OneStep SP800-56Cr2A5897Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-2048 Increment 8SP 800-56C Rev. 2
KDA TwoStep SP800-56Cr2A5897Capabilities - MAC Salting Methods - default, random KDF Mode - feedback Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-2048 Increment 8SP 800-56C Rev. 2
KDF ANS 9.42 (CVL)A5868KDF Type - DER Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2- 512/256 Key Data Length - Key Data Length: 112-4096 Increment 8SP 800-135 Rev. 1
KDF ANS 9.42 (CVL)A5869KDF Type - DER Hash Algorithm - SHA3-224, SHA3-256, SHA3- 384, SHA3-512 Key Data Length - Key Data Length: 112-4096 Increment 8SP 800-135 Rev. 1
KDF ANS 9.42 (CVL)A5876KDF Type - DER Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2- 512/256 Key Data Length - Key Data Length: 112-4096 Increment 8SP 800-135 Rev. 1
KDF ANS 9.42 (CVL)A5877KDF Type - DER Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2- 512/256 Key Data Length - Key Data Length: 112-4096 Increment 8SP 800-135 Rev. 1
KDF ANS 9.42 (CVL)A5878KDF Type - DER Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2- 512/256 Key Data Length - Key Data Length: 112-4096 Increment 8SP 800-135 Rev. 1
KDF ANS 9.42 (CVL)A5879KDF Type - DER Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2- 512/256SP 800-135 Rev. 1
KDF ANS 9.42 (CVL)A5883KDF Type - DER Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2- 512/256 Key Data Length - Key Data Length: 112-4096 Increment 8SP 800-135 Rev. 1
KDF ANS 9.42 (CVL)A5885KDF Type - DER Hash Algorithm - SHA3-224, SHA3-256, SHA3- 384, SHA3-512 Key Data Length - Key Data Length: 112-4096 Increment 8SP 800-135 Rev. 1
KDF ANS 9.42 (CVL)A5889KDF Type - DER Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2- 512/256 Key Data Length - Key Data Length: 112-4096 Increment 8SP 800-135 Rev. 1
KDF ANS 9.63 (CVL)A5868Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Key Data Length - Key Data Length: 128-4096 Increment 8SP 800-135 Rev. 1
KDF ANS 9.63 (CVL)A5869Hash Algorithm - SHA3-224, SHA3-256, SHA3- 384, SHA3-512 Key Data Length - Key Data Length: 128-4096 Increment 8SP 800-135 Rev. 1
KDF ANS 9.63 (CVL)A5876Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Key Data Length - Key Data Length: 128-4096 Increment 8SP 800-135 Rev. 1
KDF ANS 9.63 (CVL)A5877Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Key Data Length - Key Data Length: 128-4096 Increment 8SP 800-135 Rev. 1
KDF ANS 9.63 (CVL)A5878Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Key Data Length - Key Data Length: 128-4096 Increment 8SP 800-135 Rev. 1
KDF ANS 9.63 (CVL)A5879Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Key Data Length - Key Data Length: 128-4096 Increment 8SP 800-135 Rev. 1
KDF ANS 9.63 (CVL)A5883Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Key Data Length - Key Data Length: 128-4096 Increment 8SP 800-135 Rev. 1
KDF ANS 9.63 (CVL)A5885Hash Algorithm - SHA3-224, SHA3-256, SHA3- 384, SHA3-512 Key Data Length - Key Data Length: 128-4096 Increment 8SP 800-135 Rev. 1
KDF ANS 9.63 (CVL)A5889Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Key Data Length - Key Data Length: 128-4096 Increment 8SP 800-135 Rev. 1
KDF SP800- 108A5899Capabilities - KDF Mode - Counter Supported Lengths - Supported Lengths: 112- 4096 Increment 8SP 800-108 Rev. 1
KDF SSH (CVL)A5884Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
KDF SSH (CVL)A5893Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
KDF SSH (CVL)A5894Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
KDF SSH (CVL)A5895Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
KDF SSH (CVL)A5896Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
KDF SSH (CVL)A5900Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
KTS-IFCA5868Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Transport Method - Key Length - 768SP 800-56B Rev. 2
KTS-IFCA5876Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Transport Method - Key Length - 768SP 800-56B Rev. 2
KTS-IFCA5877Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Transport Method - Key Length - 768SP 800-56B Rev. 2
KTS-IFCA5878Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Transport Method - Key Length - 768SP 800-56B Rev. 2
KTS-IFCA5879Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Transport Method - Key Length - 768SP 800-56B Rev. 2
KTS-IFCA5883Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Transport Method - Key Length - 768SP 800-56B Rev. 2
KTS-IFCA5889Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Transport Method - Key Length - 768SP 800-56B Rev. 2
PBKDFA5868Capabilities - Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1SP 800-132
PBKDFA5869Capabilities - Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1SP 800-132
PBKDFA5876Capabilities - Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1SP 800-132
PBKDFA5877Capabilities - Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1SP 800-132
PBKDFA5878Capabilities - Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1SP 800-132
PBKDFA5879Capabilities - Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1SP 800-132
PBKDFA5883Capabilities - Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1SP 800-132
PBKDFA5885Capabilities - Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1SP 800-132
PBKDFA5889Capabilities - Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1SP 800-132
RSA KeyGen (FIPS186-5)A5868Capabilities - Key Generation Mode - probableWithProbableAux Properties - Modulo - 2048 Primality Tests - 2powSecStr Private Key Format - standardFIPS 186-5
RSA KeyGen (FIPS186-5)A5876Capabilities - Key Generation Mode - probableWithProbableAux Properties - Modulo - 2048 Primality Tests - 2powSecStr Private Key Format - standardFIPS 186-5
RSA KeyGen (FIPS186-5)A5877Capabilities - Key Generation Mode - probableWithProbableAux Properties - Modulo - 2048 Primality Tests - 2powSecStr Private Key Format - standardFIPS 186-5
RSA KeyGen (FIPS186-5)A5878Capabilities - Key Generation Mode - probableWithProbableAux Properties - Modulo - 2048FIPS 186-5
RSA KeyGen (FIPS186-5)A5879Capabilities - Key Generation Mode - probableWithProbableAux Properties - Modulo - 2048 Primality Tests - 2powSecStr Private Key Format - standardFIPS 186-5
RSA KeyGen (FIPS186-5)A5883Capabilities - Key Generation Mode - probableWithProbableAux Properties - Modulo - 2048 Primality Tests - 2powSecStr Private Key Format - standardFIPS 186-5
RSA KeyGen (FIPS186-5)A5889Capabilities - Key Generation Mode - probableWithProbableAux Properties - Modulo - 2048 Primality Tests - 2powSecStr Private Key Format - standardFIPS 186-5
RSA SigGen (FIPS186-5)A5868Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
RSA SigGen (FIPS186-5)A5869Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
RSA SigGen (FIPS186-5)A5876Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
RSA SigGen (FIPS186-5)A5877Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
RSA SigGen (FIPS186-5)A5878Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
RSA SigGen (FIPS186-5)A5879Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
RSA SigGen (FIPS186-5)A5883Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
RSA SigGen (FIPS186-5)A5885Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
RSA SigGen (FIPS186-5)A5889Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
RSA SigVer (FIPS186-2)A5868Capabilities - Signature Type - PKCSPSS Properties - Modulo - 1536FIPS 186-4
RSA SigVer (FIPS186-2)A5876Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1536FIPS 186-4
RSA SigVer (FIPS186-2)A5877Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1536FIPS 186-4
RSA SigVer (FIPS186-2)A5878Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1536FIPS 186-4
RSA SigVer (FIPS186-2)A5879Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1536FIPS 186-4
RSA SigVer (FIPS186-2)A5883Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1536FIPS 186-4
RSA SigVer (FIPS186-2)A5889Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1536FIPS 186-4
RSA SigVer (FIPS186-4)A5868Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1024FIPS 186-4
RSA SigVer (FIPS186-4)A5876Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1024FIPS 186-4
RSA SigVer (FIPS186-4)A5877Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1024FIPS 186-4
RSA SigVer (FIPS186-4)A5878Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1024FIPS 186-4
RSA SigVer (FIPS186-4)A5879Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1024FIPS 186-4
RSA SigVer (FIPS186-4)A5883Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1024FIPS 186-4
RSA SigVer (FIPS186-4)A5889Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1024FIPS 186-4
RSA SigVer (FIPS186-5)A5868Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
RSA SigVer (FIPS186-5)A5869Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
RSA SigVer (FIPS186-5)A5876Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
RSA SigVer (FIPS186-5)A5877Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
RSA SigVer (FIPS186-5)A5878Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
RSA SigVer (FIPS186-5)A5879Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
RSA SigVer (FIPS186-5)A5883Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
RSA SigVer (FIPS186-5)A5885Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
RSA SigVer (FIPS186-5)A5889Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5FIPS 186-5
Safe Primes Key GenerationA5898Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP- 8192SP 800-56A Rev. 3
Safe Primes Key VerificationA5898Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP- 8192SP 800-56A Rev. 3
SHA-1A5868Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA-1A5876Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA-1A5877Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA-1A5878Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA-1A5879Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA-1A5883Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA-1A5889Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-224A5868Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-224A5876Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-224A5877Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-224A5878Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-224A5879Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-224A5883Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-224A5889Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-256A5864Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-256A5868Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-256A5876Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-256A5877Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-256A5878Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-256A5879Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-256A5883Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-256A5889Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-384A5868Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-384A5876Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-384A5877Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-384A5878Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-384A5879Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-384A5883Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-384A5889Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512A5868Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512A5876Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512A5877Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512A5878Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512A5879Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512A5883Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512A5889Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/224A5868Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/224A5876Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/224A5877Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/224A5878Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/224A5879Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/224A5883Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/224A5889Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/256A5868Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/256A5876Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/256A5877Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/256A5878Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/256A5879Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/256A5883Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA2-512/256A5889Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 180-4
SHA3-224A5869Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-224A5885Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-256A5869Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-256A5885Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-384A5869Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-384A5885Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-512A5869Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHA3-512A5885Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8FIPS 202
SHAKE-128A5869Output Length - Output Length: 16-65536 Increment 8FIPS 202
SHAKE-128A5885Output Length - Output Length: 16-65536 Increment 8FIPS 202
SHAKE-256A5869Output Length - Output Length: 16-65536 Increment 8FIPS 202
SHAKE-256A5885Output Length - Output Length: 16-65536 Increment 8FIPS 202
TLS v1.2 KDF RFC7627 (CVL)A5868Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
TLS v1.2 KDF RFC7627 (CVL)A5876Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
TLS v1.2 KDF RFC7627 (CVL)A5877Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
TLS v1.2 KDF RFC7627 (CVL)A5878Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
TLS v1.2 KDF RFC7627 (CVL)A5879Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
TLS v1.2 KDF RFC7627 (CVL)A5883Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
TLS v1.2 KDF RFC7627 (CVL)A5889Hash Algorithm - SHA2-256, SHA2-384, SHA2-512SP 800-135 Rev. 1
TLS v1.3 KDF (CVL)A5863HMAC Algorithm - SHA2-256, SHA2-384 KDF Running Modes - DHE, PSK, PSK-DHESP 800-135 Rev. 1

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Nonapproved NonApproved Table 5: Modes List and Description After passing all pre-operational self-tests and cryptographic algorithm self-tests executed on start-up, the module automatically transitions to the approved mode. No operator intervention is required to reach this point. The module operates in the approved mode of operation by default and can only transition into the non-approved mode by calling one of the non-approved services listed in the Non-Approved Services table of the Security Policy. In the operational state, the module accepts service requests from calling applications through its logical interfaces. At any point in the operational state, a calling application can end its process, causing the module to end its operation. Mode Change Instructions and Status: The module automatically switches between the approved and non-approved modes depending on the services requested by the operator. The status indicator of the mode of

2.5 Algorithms

Approved Algorithms: © 2025 SUSE, LLC/atsec information security corporation.

Page 15

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 16

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 17

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 18

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 19

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 20

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 21

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 22

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 23

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 24

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 25

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 26

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 27

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 28

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 © 2025 SUSE, LLC/atsec information security corporation.

Page 29

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 © 2025 SUSE, LLC/atsec information security corporation.

Page 30

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module HMAC-SHA2512 HMAC-SHA3224 © 2025 SUSE, LLC/atsec information security corporation.

Page 31

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module HMAC-SHA3224 HMAC-SHA3256 HMAC-SHA3256 HMAC-SHA3384 HMAC-SHA3384 HMAC-SHA3512 HMAC-SHA3512 © 2025 SUSE, LLC/atsec information security corporation.

Page 32

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 33

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 34

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 35

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 36

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module KDF SP800108 © 2025 SUSE, LLC/atsec information security corporation.

Page 37

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 38

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 39

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 40

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 41

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 42

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 43

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 44

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 45

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 46

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 47

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 48

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 49
Service
NameProperties
Asymmetric Cryptographic Key Generation (CKG)N/ASP 800-133 Rev. 2, section 4, example 1

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Table 6: Approved Algorithms Vendor-Affirmed Algorithms: N/A Table 7: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. The module does not implement non-approved algorithms that are allowed in the approved mode of operation. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. © 2025 SUSE, LLC/atsec information security corporation.

Page 50
Service
NameDescriptionApproved FunctionsTypeProperties
AES GCM (external IV)Authentication Encryption
HMAC (< 112-bit keys)Message Authentication Code
KBKDF, KDA OneStep, KDA TwoStep, HKDF, ANS X9.42 KDF, ANS X9.63 KDF (< 112-bit keys)Key Derivation
KDA OneStep, KDA TwoStep (SHAKE128, SHAKE256)Key Derivation
ANS X9.42 KDF (SHAKE128, SHAKE256)Key Derivation
ANS X9.63 KDF (SHA-1, SHAKE128, SHAKE256)Key Derivation
SSH KDF (SHA-512/224, SHA-512/256, SHA-3, SHAKE128, SHAKE256)Key Derivation
TLS 1.2 KDF (SHA-1, SHA-224, SHA-512/224, SHA- 512/256, SHA-3)TLS Key Derivation
TLS 1.3 KDF (SHA-1, SHA-224, SHA-512, SHA-512/224, SHA-512/256, SHA-3)TLS Key Derivation
PBKDF2 (< 8 characters password; < 128 salt length; < 1000 iterations; < 112-bit keys)Password-based Key Derivation
RSA and ECDSA (pre-hashed message)Signature generation; Signature verification
RSA-PSS (invalid salt length: FIPS 186-5, section 5.4, item(g))Signature generation; Signature verification
Symmetric Encryption with AESSymmetric encryption using AESAES-CBC: (A5398, A5399, A5400, A5401, A5402, A5403, A5658)BC-UnAuthAES-ECB: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength
Service
NameDescriptionApproved FunctionsTypeProperties
AES GCM (external IV)Authentication Encryption
HMAC (< 112-bit keys)Message Authentication Code
KBKDF, KDA OneStep, KDA TwoStep, HKDF, ANS X9.42 KDF, ANS X9.63 KDF (< 112-bit keys)Key Derivation
KDA OneStep, KDA TwoStep (SHAKE128, SHAKE256)Key Derivation
ANS X9.42 KDF (SHAKE128, SHAKE256)Key Derivation
ANS X9.63 KDF (SHA-1, SHAKE128, SHAKE256)Key Derivation
SSH KDF (SHA-512/224, SHA-512/256, SHA-3, SHAKE128, SHAKE256)Key Derivation
TLS 1.2 KDF (SHA-1, SHA-224, SHA-512/224, SHA- 512/256, SHA-3)TLS Key Derivation
TLS 1.3 KDF (SHA-1, SHA-224, SHA-512, SHA-512/224, SHA-512/256, SHA-3)TLS Key Derivation
PBKDF2 (< 8 characters password; < 128 salt length; < 1000 iterations; < 112-bit keys)Password-based Key Derivation
RSA and ECDSA (pre-hashed message)Signature generation; Signature verification
RSA-PSS (invalid salt length: FIPS 186-5, section 5.4, item(g))Signature generation; Signature verification
Symmetric Encryption with AESSymmetric encryption using AESAES-CBC: (A5398, A5399, A5400, A5401, A5402, A5403, A5658)BC-UnAuthAES-ECB: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module The module does not implement non-approved algorithms that are allowed in the approved mode of operation with no security claimed. Non-Approved, Not Allowed Algorithms: Table 8: Non-Approved, Not Allowed Algorithms The table above lists all non-approved cryptographic algorithms of the module employed by the non-approved services of the Non-Approved Services table in Section 4.4 Non-Approved Services. © 2025 SUSE, LLC/atsec information security corporation.

Page 51
Service
NameDescriptionApproved Functions
AES-CBC: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CBC-CS1: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CBC-CS2: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CBC-CS3: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CFB1: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CFB128: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CFB8: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CTR: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-OFB: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-XTS Testing Revision 2.0: 256-, 512-bit keys with 128, 256 bits of security strengthAES-CBC: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CBC-CS1: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CBC-CS2: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CBC-CS3: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CFB1: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CFB128: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CFB8: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CTR: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-OFB: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-XTS Testing Revision 2.0: 256-, 512-bit keys with 128, 256 bits of security strengthAES-CBC-CS1: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CBC-CS2: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CBC-CS3: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CFB1: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CFB128: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CFB8: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CTR: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-ECB: (A5398, A5399, A5400, A5401, A5402, A5403, A5658, A5884, A5893, A5894, A5895, A5896, A5900) AES-OFB: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-XTS Testing Revision 2.0: (A5398, A5399,

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 52
Service
NameDescriptionApproved FunctionsTypeProperties
Symmetric Decryption with AESSymmetric decryption using AESAES-CBC: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CBC-CS1: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CBC-CS2: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CBC-CS3: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CFB1: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CFB128: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CFB8: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CTR: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-ECB: (A5398, A5399, A5400, A5401, A5402, A5403, A5658, A5884, A5893, A5894, A5895, A5896, A5900)BC-UnAuthAES-ECB: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CBC: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CBC-CS1: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CBC-CS2: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CBC-CS3: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CFB1: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CFB128: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CFB8: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CTR: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-OFB: 128-, 192-, 256-bit keys with 128,

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 53
Service
NameDescriptionCsps AccessedApproved FunctionsType
Key Derivation with KDA OneStepKey Derivation using KDA OneStepMACs: (HMAC) SHA-1, SHA-224, SHA-256, SHA- 384, SHA-512, SHA-512/224, SHA-512/256, SHA3-224, SHA3- 256, SHA3-384, SHA3-512 Shared secret length: 224-8192 bits Security strength: 112- 256 bitsKDA OneStep SP800-56Cr2: (A5897)KAS-56CKDF
Key Derivation with KDA TwoStepKey Derivation using KDA TwoStepModes: feedback MACs: (HMAC) SHA-1, SHA-224, SHA-256, SHA- 384, SHA-512, SHA-512/224, SHA-512/256, SHA3-224, SHA3- 256, SHA3-384, SHA3-512 Shared secret length: 224-8192 bits Security strength: 112- 256 bitsKDA TwoStep SP800-56Cr2: (A5897)KAS-56CKDF
Key Derivation with X9.42 KDFKey Derivation using X9.42 KDFHashes: SHA-1, SHA2-224, SHA2- 256, SHA2-384, SHA2-512, SHA2- 512/224, SHA2-KDF ANS 9.42: (A5868, A5869, A5876, A5877, A5878, A5879,KAS-135KDF
512/256 Shared secret length: 224-8192 bits Security strength: 112- 256 bits512/256 Shared secret length: 224-8192 bits Security strength: 112- 256 bitsA5883, A5885, A5889)
Key Derivation with X9.63 KDFKey Derivation using X9.63 KDFHashes: SHA2- 224, SHA2-256, SHA2-384, SHA2- 512, SHA2- 512/224, SHA2- 512/256 Shared secret length: 224-8192 bits Security strength: 112- 256 bitsKDF ANS 9.63: (A5868, A5869, A5876, A5877, A5878, A5879, A5883, A5885, A5889)KAS-135KDF
Key Derivation with SSH KDFKey DerivationCiphers: AES- 128, AES-192, AES-256 Hashes: SHA-1, SHA2-224, SHA2- 256, SHA2-384, SHA2-512 Shared secret length: 224-8192 bits Security strength: 112- 256 bitsKDF SSH: (A5884, A5893, A5894, A5895, A5896, A5900)KAS-135KDF
Key Derivation with HKDFKey Derivation using HKDFMACs: HMAC with SHA-1, SHA2- 224, SHA2-256, SHA2-384, SHA2- 512, SHA2- 512/224, SHA2- 512/256, SHA3- 224, SHA3-256, SHA3-384, SHA3- 512 Shared secret length: 224-8192 bits Security strength: 112- 256 bitsKDA HKDF SP800-56Cr2: (A5863)KAS-56CKDF
TLS Key DerivationTLS 1.2 / 1.3 Key DerivationTLS v1.2 KDF RFC7627: Hashes: SHA2- 256, SHA2-384, SHA2-512; Support: extended master secret TLS v1.3 KDF: Modes: DHE, PSK, PSK-DHE; Hashes: SHA2- 256, SHA2-384 Shared secret length: 224-8192 bits Security strength: 112- 256 bitsTLS v1.3 KDF: (A5863) TLS v1.2 KDF RFC7627: (A5868, A5876, A5877, A5878, A5879, A5883, A5889)KAS-135KDF
Key Derivation with KBKDFKey derivation using KBKDFModes: Counter, Feedback MACs: CMAC with AES-128, AES- 192, AES-256 and HMAC with SHA-1, SHA2- 224, SHA2-256, SHA2-384, SHA2- 512, SHA2- 512/224, SHA2- 512/256, SHA3- 224, SHA3-256, SHA3-384, SHA3- 512 KDK length: 112- 4096 bits Security strength: 112- 256 bitsKDF SP800-108: (A5899)KBKDF
Password- based Key DerivationPassword- based Key DerivationOption: 1a Password length: 20-128 characters Salt length: 128- 4096 bits Iteration count: 1000-10000 Hashes: SHA-1, SHA2-224, SHA2-PBKDF: (A5868, A5869, A5876, A5877, A5878, A5879, A5883, A5885, A5889)PBKDF
Random Number GenerationRandom Number GenerationCounter DRBG: AES-128, AES- 192, AES-256, with/without derivation function, with/without prediction resistance; Internal state length: 256, 320, 384 bits; Security strength: 128, 192, 256 bits HMAC DRBG: SHA-1, SHA-256, SHA-512 with/without prediction resistance; Internal state length: 320, 512, 1024 bits; Security strength: 128, 256 bits Hash DRBG: SHA- 1, SHA-256, SHA- 512 with/without prediction resistance; Internal state length: 880, 1776 bits; Security strength: 128, 256 bitsCounter DRBG: (A5397) HMAC DRBG: (A5397) Hash DRBG: (A5397)DRBG
Signature GenerationSignature GenerationECDSA SigGen (FIPS 186-5): Curves: P-224, P- 256, P-384, P- 521; Hashes: SHA-224, SHA- 256, SHA-384, SHA-512, SHA- 512/224, SHA- 512/256, SHA3- 224, SHA3- 256, SHA3-384, SHA3- 512; Security strength: 112, 128, 192, 256 bits RSA SigGen (FIPS 186-5): Padding: PKCS#1 v1.5 and PSS; Moduli: 2048-16384 bits; Hashes: SHA- 224, SHA-256, SHA-384, SHA- 512, SHA- 512/224, SHA- 512/256, SHA3- 224, SHA3- 256, SHA3-384, SHA3- 512; Security strength: 112- 256 bits IG C.F Compliance: The module supports RSA modulus sizes which are not tested by CAVP in compliance with FIPS 140-3 IG C.FECDSA SigGen (FIPS186-5): (A5868, A5869, A5876, A5877, A5878, A5879, A5883, A5885, A5889) RSA SigGen (FIPS186-5): (A5868, A5869, A5876, A5877, A5878, A5879, A5883, A5885, A5889)DigSig-SigGen
Signature VerificationSignature VerificationECDSA SigVer (FIPS 186-5): Curves: P-224, P- 256, P-384, P- 521; Hashes: SHA-224, SHA- 256, SHA-384, SHA-512, SHA- 512/224, SHA-ECDSA SigVer (FIPS186-5): (A5868, A5869, A5876, A5877, A5878, A5879, A5883, A5885, A5889) RSA SigVer (FIPS186-2):DigSig-SigVer

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 54

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 55

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Passwordbased Key Passwordbased Key © 2025 SUSE, LLC/atsec information security corporation.

Page 56

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 57

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 58
Service
NameDescriptionApproved Functions
512/256, SHA3- 224, SHA3- 256, SHA3-384, SHA3- 512; Security strength: 112, 128, 192, 256 bits RSA SigVer (FIPS 186-5): NIST SP 800-131A Rev. 2 Acceptable; Padding: PKCS#1 v1.5 and PSS; Moduli: 2048- 16384 bits; Hashes: SHA- 224, SHA-256, SHA-384, SHA- 512, SHA- 512/224, SHA- 512/256, SHA3- 224, SHA3- 256, SHA3-384, SHA3- 512; Security strength: 112- 256 bits RSA SigVer (FIPS 186-2) and RSA SigVer (FIPS 186- 4): NIST SP 800- 131A Rev. 2 Legacy use; Padding: PKCS#1 v1.5 and PSS; Moduli: 1024- 2047 bits; Hashes: SHA- 224, SHA-256, SHA-384, SHA- 512; Security strength: 80-111 bits IG C.F Compliance: The module supports RSA modulus sizes which are not tested by CAVP in compliance with FIPS 140-3 IG C.F512/256, SHA3- 224, SHA3- 256, SHA3-384, SHA3- 512; Security strength: 112, 128, 192, 256 bits RSA SigVer (FIPS 186-5): NIST SP 800-131A Rev. 2 Acceptable; Padding: PKCS#1 v1.5 and PSS; Moduli: 2048- 16384 bits; Hashes: SHA- 224, SHA-256, SHA-384, SHA- 512, SHA- 512/224, SHA- 512/256, SHA3- 224, SHA3- 256, SHA3-384, SHA3- 512; Security strength: 112- 256 bits RSA SigVer (FIPS 186-2) and RSA SigVer (FIPS 186- 4): NIST SP 800- 131A Rev. 2 Legacy use; Padding: PKCS#1 v1.5 and PSS; Moduli: 1024- 2047 bits; Hashes: SHA- 224, SHA-256, SHA-384, SHA- 512; Security strength: 80-111 bits IG C.F Compliance: The module supports RSA modulus sizes which are not tested by CAVP in compliance with FIPS 140-3 IG C.F(A5868, A5876, A5877, A5878, A5879, A5883, A5889) RSA SigVer (FIPS186-4): (A5868, A5876, A5877, A5878, A5879, A5883, A5889) RSA SigVer (FIPS186-5): (A5868, A5869, A5876, A5877, A5878, A5879, A5883, A5885, A5889)

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 59
Service
NameDescriptionApproved FunctionsTypeProperties
Message Authentication CodeMessage Authentication CodeHMAC-SHA-1: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) HMAC-SHA2- 224: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) HMAC-SHA2- 256: (A5864, A5868, A5876, A5877, A5878, A5879, A5883, A5889) HMAC-SHA2- 384: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) HMAC-SHA2- 512: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) HMAC-SHA2- 512/224: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) HMAC-SHA2- 512/256: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) HMAC-SHA3- 224: (A5869, A5885) HMAC-SHA3- 256: (A5869, A5885) HMAC-SHA3- 384: (A5869, A5885) HMAC-SHA3- 512: (A5869, A5885) AES-CMAC:MACHMAC: Hashes: SHA-1, SHA-224, SHA-256, SHA- 384, SHA-512, SHA-512/224, SHA-512/256, SHA3-224, SHA3- 256, SHA3-384, SHA3-512; Key length: 112- 524288 bits; Security strength: 112- 256 bits AES CMAC and GMAC: Key length: 128, 192, 256 bits; Security strength: 128, 192, 256 bits
Message digestMessage digestSHA-1: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) SHA2-224: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) SHA2-256: (A5864, A5868, A5876, A5877, A5878, A5879, A5883, A5889) SHA2-384: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) SHA2-512: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) SHA2-512/224: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) SHA2-512/256: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) SHA3-224: (A5869, A5885) SHA3-256: (A5869, A5885)SHA XOFHashes: SHA-1, SHA-224, SHA- 256, SHA-384, SHA-512, SHA- 512/224, SHA- 512/256, SHA3- 224, SHA3-256, SHA3-384, SHA3- 512 XOFs: SHAKE- 128, SHAKE-256
Authenticated Symmetric EncryptionAuthenticated Symmetric EncryptionAES-CCM: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-GCM: (A5870, A5871, A5872, A5873, A5874, A5875, A5880, A5881, A5882, A5886, A5887, A5888, A5903, A5904, A5905) AES-KW: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-KWP: (A5398, A5399, A5400, A5401, A5402, A5403, A5658)BC-AuthKey Length: 128, 192, 256 bits Security strength: 128, 192, 256 bits
Authenticated Symmetric DecryptionAuthenticated Symmetric DecryptionAES-GCM: (A5870, A5871, A5872, A5873, A5874, A5875, A5880, A5881, A5882, A5886, A5887, A5888, A5903, A5904, A5905) AES-CCM: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-KW: (A5398, A5399, A5400, A5401,BC-AuthKey Length: 128, 192, 256 bits Security strength: 128, 192, 256 bits
Key Pair Generation with ECDSAKey Pair Generation using ECDSAECDSA KeyGen (FIPS186-5): (A5868, A5876, A5877, A5878, A5879, A5883, A5889) Asymmetric Cryptographic Key Generation (CKG): ()AsymKeyPair- KeyGen CKGMode: FIPS 186-5 A.2.2: Rejection Sampling Curves: P-224, P- 256, P-384, P- 521 Security strength: 112, 128, 192, 256 bits
Key Pair Generation with RSAKey Pair Generation using RSARSA KeyGen (FIPS186-5): (A5868, A5876, A5877, A5878, A5879, A5883, A5889) Asymmetric Cryptographic Key Generation (CKG): ()AsymKeyPair- KeyGen CKGMode: FIPS 186- 5, A.1.6: Probable Primes Based on Auxiliary Probable Moduli: 2048- 15360 bits Security strength: 112- 256 bits IG C.F Compliance: The module supports RSA modulus sizes which are not tested by CAVP in compliance with FIPS 140-3 IG C.F
Key Pair Generation with Safe PrimesKey Pair Generation using Safe PrimesSafe Primes Key Generation: (A5898) Asymmetric Cryptographic Key Generation (CKG): ()AsymKeyPair- KeyGen CKGMode: Testing Candidates (SP 800-56Arev3 Appendix 5.6.1.1.4) Groups: ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192,
Key Pair Verification with ECDSAKey Pair Verification using ECDSAECDSA KeyVer (FIPS186-5): (A5868, A5876, A5877, A5878, A5879, A5883, A5889)AsymKeyPair- KeyVerMode: FIPS 186-5 A.2.2: Rejection Sampling Curves: P-224, P- 256, P-384, P- 521 Security strength: 112, 128, 192, 256 bits
Key Pair Verification with Safe PrimesKey Pair Verification using Safe PrimesSafe Primes Key Verification: (A5898)AsymKeyPair- KeyVerMode: Testing Candidates (SP 800-56Arev3 Appendix 5.6.1.1.4) Groups: ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 Security strength: 112- 200 bits
Shared Secret Computation with DHShared Secret Computation using DHKAS-FFC-SSC Sp800-56Ar3: (A5898)KAS-SSCCompliance: SP 800-56A Rev. 3, FIPS 140-3 IG D.F. Scenario 2 (1) Scheme: dpEphem KAS Role: initiator, responder Groups:
Shared Secret Computation with ECDHShared Secret Computation using EC Diffie- HellmanKAS-ECC-SSC Sp800-56Ar3: (A5868, A5876, A5877, A5878, A5879, A5883, A5889)KAS-SSCCompliance: SP 800-56A Rev. 3, FIPS 140-3 IG D.F. Scenario 2 (1) Scheme: ephemeralUnified KAS Role: initiator, responder Curves: P-224, P- 256, P-384, P- 521 Security strength: 112, 128, 192, 256 bits
Shared Secret Computation with RSAShared Secret Computation using RSAKAS-IFC-SSC: (A5868, A5876, A5877, A5878, A5879, A5883, A5889)KAS-SSC
Asymmetric Encryption with RSAAsymmetric encryption using RSAKTS-IFC: (A5868, A5876, A5877, A5878, A5879, A5883, A5889)KTS-Encap
Asymmetric Decryption with RSAAsymmetric decryption using RSAKTS-IFC: (A5868, A5876, A5877, A5878, A5879, A5883, A5889)KTS-Decap

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 60

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 61

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 62

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module AsymKeyPairKeyGen AsymKeyPairKeyGen AsymKeyPairKeyGen 5.6.1.1.4) © 2025 SUSE, LLC/atsec information security corporation.

Page 63

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module AsymKeyPairKeyVer AsymKeyPairKeyVer 5.6.1.1.4) (1) © 2025 SUSE, LLC/atsec information security corporation.

Page 64

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module (1) Table 9: Security Function Implementations © 2025 SUSE, LLC/atsec information security corporation.

Page 65

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module

2.7 Algorithm Specific Information
2.7.1 AES GCM IV

For TLS 1.2, the module offers the AES GCM implementation and uses the context of Scenario 1 of FIPS 140-3 IG C.H. The module is compliant with SP 800-52 Rev. 2 Section

3.3.1 and the mechanism for IV generation is compliant with RFC 5288 and 8446.

The module does not implement the TLS protocol. The module’s implementation of AES GCM is used together with an application that runs outside the module’s cryptographic boundary. The design of the TLS protocol implicitly ensures that the counter (the nonce_explicit part of the IV) does not exhaust the maximum number of possible values for a given session key. In the event the module’s power is lost and restored, the consuming application must ensure that a new key for use with the AES GCM key encryption or decryption under this scenario shall be established. Alternatively, the Crypto Officer can use the module’s API to perform AES GCM encryption using internal IV generation. These IVs are always 96 bits and generated using the approved DRBG internal to the module’s boundary, compliant to Scenario 2 of FIPS 140-3 IG C.H. The module also provides a non-approved AES GCM encryption service which accepts arbitrary external IVs from the operator. This service can be requested by invoking the EVP_EncryptInit_ex2 API function with a non-NULL IV value. When this is the case, the API will set a non-approved service indicator. Finally, for TLS 1.3, the AES GCM implementation uses the context of Scenario 5 of FIPS 1403 IG C.H. The protocol that provides this compliance is TLS 1.3, defined in RFC8446 of August 2018, using the cipher-suites that explicitly select AES GCM as the encryption/decryption cipher (Appendix B.4 of RFC8446). The module supports acceptable AES GCM cipher suites from Section 3.3.1 of SP 800-52 Rev. 2. The module’s implementation of AES GCM is used together with an application that runs outside the module’s cryptographic boundary. The design of the TLS protocol implicitly ensures that the counter (the nonce_explicit part of the IV) does not exhaust the maximum number of possible values for a given session key.

2.7.2 AES XTS

The length of a single data unit encrypted or decrypted with AES XTS shall not exceed 2²⁰ AES blocks, that is 16MB, of data per XTS instance. An XTS instance is defined in Section 4 of SP 800-38E. To meet the requirement stated in IG C.I, the module implements a check that ensures, before performing any cryptographic operation, that the two AES keys used in AES XTS mode are not identical. As the module does not generate symmetric keys, the check is performed when keys are input the service APIs. Key_1 and Key_2 shall be generated and/or established independently according to the rules for component symmetric keys from NIST SP 800-133rev2, Sec. 6.3. The XTS mode shall only be used for the cryptographic protection of data on storage devices. It shall not be used for other purposes, such as the encryption of data in transit.

2.7.3 Key Derivation using SP 800-132 PBKDF2

The module provides password-based key derivation (PBKDF2), compliant with SP 800-132. The module supports option 1a from Section 5.4 of SP 800-132, in which the Master Key (MK) or a segment of it is used directly as the Data Protection Key (DPK). In accordance to SP 800-132 and FIPS 140-3 IG D.N, the following requirements are met: © 2025 SUSE, LLC/atsec information security corporation.

Page 66

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module

2.7.4 SP 800-56A Rev. 3 Assurances

To comply with the assurances found in Section 5.6.2 of SP 800-56A Rev. 3, the operator must use the module together with an application that implements the TLS protocol. Additionally, the module’s approved key pair generation service (see Approved Services table in Section 4.3 Approved Services) must be used to generate ephemeral Diffie-Hellman or EC Diffie-Hellman key pairs, or the key pairs must be obtained from another FIPSvalidated module. As part of this service, the module will internally perform the full public key validation of the generated public key. The module’s shared secret computation service will internally perform the full public key validation of the peer public key, complying with Sections 5.6.2.2.1 and 5.6.2.2.2 of SP 80056A Rev. 3.

2.7.5 SHA-3

The module implements the SHA-3 algorithms as both standalone and part of higher-level algorithms (in compliance with FIPS 140-3 IG C.C). As detailed in Section 2.6 Security Function Implementations with corresponding certificates, the cryptographic algorithms that use of SHA-3 include RSA signature generation and verification, ECDSA signature generation and verification, KBKDF, KDA HKDF, X9.63 KDF, X9.42 KDF, PBKDF, OneStep KDA, and HMAC. In addition, the implementation of the extendable output functions SHAKE128 and SHAKE256 were verified to have a standalone usage.

2.7.6 RSA Signatures

The module supports RSA Signature Verification for 1024, 1280, 1536 and 1792-bit keys. This is allowed by FIPS 140-3 IG C.F. Specifically, 1280 and 1792 cannot be CAVP tested but are approved for signature verification in IG C.F. The 1024-bit modulus has been CAVP tested for RSA signature verification in compliance with FIPS 186-4, while the 1536-bit modulus has been CAVP tested for RSA signature verification in compliance with FIPS 186-2. For all other approved moduli (namely 2048, 3072, and 4096 bit keys) supported by the module, RSA signature verification is approved and CAVP tested in compliance with FIPS 186-5. © 2025 SUSE, LLC/atsec information security corporation.

Page 67
CertVendor
NumberName
E177SUSE LLC

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module

2.7.7 RSA Key Agreement

To comply with the assurances found in Section 6.4 of SP 800-56B Rev. 2, the module’s approved RSA key pair generation service (see Table 9) must be used to generate the RSA key pairs, or the key pairs must be obtained from another FIPS-validated module. As part of this service, the module will internally perform the key pair validity and the pairwise consistency according to Section 6.4.1.1 of SP 800-56B Rev. 2. Additionally, the entity requesting the shared secret computation service shall verify the validity of the peer’s public key using the public key validation service of the module (EVP_PKEY_check() API). This service will perform the full public key validation of the peer’s public key, complying with Section 6.4.2.1 of SP 800-56B Rev. 2.

2.7.8 Compliance to SP 800-56Br2 Assurances

To comply with the assurances found in Section 6.4 of SP 800-56Br2, the operator must use the module in the context of the TLS or SSH protocols. Additionally, the module’s approved key pair generation service (see Section 4.3) must be used to generate RSA key pairs, or the key pairs must be obtained from another FIPS-validated module. As part of this service, the module will internally perform the key pair validation of the generated public key. The operator must use the EVP_PKEY_public_check() API to perform partial public key validation of the peer public key, complying with Section 6.4.2.2 of SP 800-56Br2. The operator must also confirm the peer’s possession of private key by using any method specified in Section 6.4.2.3 of SP 800-56Br2.

2.7.9 Key Transport and Key Agreement

The module does not establish SSPs using an approved key transport scheme (KTS). However, it does offer approved authenticated algorithms that can be used by an external operator/application as part of an approved KTS. The module does not establish SSPs using an approved key agreement scheme (KAS). However, it does offer some or all of the underlying KAS cryptographic functionality to be used by an external operator/application as part of an approved KAS.

2.7.10 SHA-1 Use

SHA-1 is only approved when used in approved modes for message digest, HMAC, HKDF, KDA OneStep/TwoStep, PBKDF, SSH KDF, ANS x9.42 KDF, KBKDF, Hash DRBG, HMAC DRBG, RSA OAEP. The use of SHA-1 for digital signature generation (e.g., ECDSA, RSA, EdDSA) or verification is non-approved.

2.8 RBG and Entropy

Table 10: Entropy Certificates © 2025 SUSE, LLC/atsec information security corporation.

Page 68
Sensitive security parameter
NameTypeStrengthOperational EnvironmentConditioning Component
SUSE OpenSSL CPU Time Jitter RNG Entropy SourceNon- Physical256 bitsSUSE Linux Enterprise Server 15 SP6 on AMD EPYC™ 7343; SUSE Linux Enterprise Server 15 SP6 on Ampere® Altra® Q80- 30; SUSE Linux Enterprise Server 15 SP6 on Intel® Xeon® Gold 5416S; SUSE Linux Enterprise Server 15 SP6 on IBM® Telum™full entropyAES-256-CTR- DRBG (A5397); SHA3-256 (A5411)

NonPhysical Table 11: Entropy Sources As per the Public document of entropy certificate E177, the entropy source provides full In addition to the DRBG algorithms provided to the operator, the module internally uses two dedicated DRBG instances based on SP 800-90A Rev. 1 to generate seeds for asymmetric key pairs and random numbers for security functions. The following parameters are used:

  1. Private DRBG: AES-256 CTR_DRBG with derivation function. This DRBG is used to generate secret random values (e.g. during asymmetric key pair generation). It can be accessed using RAND_priv_bytes.
  2. Public DRBG: AES-256 CTR_DRBG with derivation function. This DRBG is used to generate general purpose random values that do not need to remain secret (e.g. initialization vectors). It can be accessed using RAND_bytes.
2.9 Key Generation

The module implements asymmetric key pair generation compliant with SP 800-133 Rev. 2 as listed in the Security Function Implementations table in 2.6 Security Function Implementations. When random values are required, they are obtained from the SP 800-90A Rev. 1 approved DRBG, compliant with Section 4 of SP 800-133 Rev. 2 (without XOR). Intermediate key generation values are not output from the module and are explicitly zeroized after processing the service.

2.10 Key Establishment

The module provides Diffie-Hellman (DH) and Elliptic Curve Diffie-Hellman (ECDH) shared secret computation compliant with SP 800-56A Rev. 3, in accordance with scenario 2 (1) of FIPS 140-3 IG D.F. For Diffie-Hellman, the module supports the use of the safe primes defined in RFC 3526 (IKE) and RFC 7919 (TLS). Note that the module only implements key pair generation, key pair verification, and shared secret computation. No other part of the IKE or TLS protocols is implemented (with the exception of the TLS 1.2 and 1.3 KDFs): © 2025 SUSE, LLC/atsec information security corporation.

Page 69

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module • IKE (RFC 3526): o o o o • MODP-2048 (ID =

  1. MODP-3072 (ID =
  2. MODP-4096 (ID =
  3. MODP-6144 (ID = 17) o MODP-8192 (ID = 18) o ffdhe2048 (ID = 256) TLS (RFC 7919) o o o o ffdhe3072 (ID = 257) ffdhe4096 (ID = 258) ffdhe6144 (ID = 259) ffdhe8192 (ID = 260) For Elliptic Curve Diffie-Hellman, the module supports the NIST-defined P-224, P-256, P-384, and P-521 curve. According to FIPS 140-3 IG D.B, the key sizes of DH and ECDH shared secret computation provide respectively 112-200 and 112-256 bits of security strength in an approved mode of operation. In addition, the module provides RSA shared secret computation compliant with SP 800-56B Rev. 2, in accordance with scenario 1 (1) of FIPS 140-3 IG D.F. For RSA key generation, the module provides 2048-15360 bits keys. Therefore, according to FIPS 140-3 IG D.B, the key sizes of RSA shared secret computation provide 112-256 bits of security strength in the approved mode of operation.
2.11 Industry Protocols

The module implements the SSH key derivation function for use in the SSH protocol (RFC

4253 and RFC 6668).

GCM with internal IV generation in the approved mode is compliant with versions 1.2 and 1.3 of the TLS protocol (RFC 5288 and 8446) and shall only be used in conjunction with the TLS protocol. Additionally, the module implements the TLS 1.2 and TLS 1.3 key derivation functions for use in the TLS protocol. No parts of the SSH, TLS, or IKE protocols, other than those mentioned above, have been tested by the CAVP and CMVP. © 2025 SUSE, LLC/atsec information security corporation.

Page 70
Ports and interfaces
NamePhysical PortLogical InterfaceData That Passes
N/AN/AData InputAPI input parameters
N/AN/AData OutputAPI output parameters
N/AN/AControl InputAPI function calls
N/AN/AStatus OutputAPI return codes, error queue

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module

3 Cryptographic Module Interfaces
3.1 Ports and Interfaces

N/A N/A N/A N/A Table 12: Ports and Interfaces The logical interfaces are the APIs through which the applications request services. These logical interfaces are logically separated from each other by the API design. The module does not implement a control output interface. © 2025 SUSE, LLC/atsec information security corporation.

Page 71
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
Crypto OfficerCORoleNone
Symmet ric Encrypti onUsed to perform symme tric encrypt ion of an entry plaintex tCrypto Officer - AES key: W,ESymmet ric Encrypti on with AESEVP_EncryptFinal_ex returns 1Plainte xt, AES key, IVCiphert ext
Symmet ric Decrypti onUsed to perform symme tric decrypt ion of an entry ciphert extCrypto Officer - AES key: W,ESymmet ric Decrypti on with AESEVP_DecryptFinal_ex returns 1Ciphert ext, AES key, IVPlainte xt
Service
NameDescriptionRole AccessCsps AccessedApproved FunctionsIndicatorTypeInputOutput
Crypto OfficerCORoleNone
Symmet ric Encrypti onUsed to perform symme tric encrypt ion of an entry plaintex tCrypto Officer - AES key: W,ESymmet ric Encrypti on with AESEVP_EncryptFinal_ex returns 1Plainte xt, AES key, IVCiphert ext
Symmet ric Decrypti onUsed to perform symme tric decrypt ion of an entry ciphert extCrypto Officer - AES key: W,ESymmet ric Decrypti on with AESEVP_DecryptFinal_ex returns 1Ciphert ext, AES key, IVPlainte xt
Authent icated Encrypti onUsed to perform authent icated symme tric encrypt ion with AESCrypto Officer - AES key: W,EAuthent icated Symmet ric Encrypti onAES-GCM: EVP_CIPHER_SUSE_FIPS_INDI CATOR_APPROVED; Others: EVP_EncryptFinal_ex returns 1Plainte xt, AES key, IVCiphert ext, MAC tag
Authent icated Decrypti onUsed to perform authent icated symme tric decrypt ion with AESCrypto Officer - AES key: W,EAuthent icated Symmet ric Decrypti onAES-GCM: EVP_CIPHER_SUSE_FIPS_INDI CATOR_APPROVED; Others: EVP_DecryptFinal_ex returns 1Ciphert ext, AES key, IV, MAC tagPlainte xt or failure
Messag e Authent ication CodeComput e a MAC tagCrypto Officer - HMAC key: W,E - AES key: W,EMessag e Authent ication CodeHMAC: EVP_MAC_SUSE_FIPS_INDICAT OR_APPROVED; Others: EVP_MAC_final returns 1Messag e, AES key or HMAC keyMAC tag
Messag e DigestUsed to generat e a SHA-1, SHA-2, or SHA- 3/SHAK E messag e digestCrypto OfficerMessag e digestEVP_DigestFinal_ex returns 1Messag eMessag e digest
Key Derivati on with KBKDFDerive a key from a key- derivati on keyCrypto Officer - Key Derivat ion Key: W,E -Key Derivati on with KBKDFEVP_KDF_SUSE_FIPS_INDICAT OR_APPROVEDKey- derivati on keyKBKDF Derive d Key
Key Derivati on with HKDFDerive a key from a shared secret using HKDFCrypto Officer - Shared Secret: W,E - HKDF Derive d Key: G,RKey Derivati on with HKDFEVP_KDF_SUSE_FIPS_INDICAT OR_APPROVEDShared secretHKDF Derive d Key
Key Derivati on with SSH KDFDerive a key from a shared secret using SSH KDFCrypto Officer - Shared Secret: W,E - SSH Derive d Key: G,RKey Derivati on with SSH KDFEVP_KDF_SUSE_FIPS_INDICAT OR_APPROVEDShared secretSSH Derive d Key
Key Derivati on with X9.63 KDFDerive a key from a shared secret using X9.63 KDFCrypto Officer - Shared Secret: W,E - X9.63 Derive d Key: G,RKey Derivati on with X9.63 KDFEVP_KDF_SUSE_FIPS_INDICAT OR_APPROVEDShared secretX9.63 Derive d Key
Key Derivati on with X9.42 KDFDerive a key from a shared secret using X9.63 KDFCrypto Officer - Shared Secret: W,E - X9.42 Derive d Key: G,RKey Derivati on with X9.42 KDFEVP_KDF_SUSE_FIPS_INDICAT OR_APPROVEDShared secretX9.42 Derive d Key
Key Derivati on with KDA OneSte pDerive a key from a shared secret using KDA OneSte pCrypto Officer - Shared Secret: W,E - KDA OneSte p Derive d Key: G,RKey Derivati on with KDA OneSte pEVP_KDF_SUSE_FIPS_INDICAT OR_APPROVEDShared secretKDA OneSte p Derive d Key
Key Derivati on with KDA TwoSte pDerive a key from a shared secret using KDA TwoSte pCrypto Officer - Shared Secret: W,E - KDA TwoSte p Derive d Key: G,RKey Derivati on with KDA TwoSte pEVP_KDF_SUSE_FIPS_INDICAT OR_APPROVEDShared secretKDA TwoSte p Derive d Key
TLS Key Derivati onDerive a key from a shared secret using TLS 1.2 KDF / TLS 1.3 KDFCrypto Officer - Shared Secret: W,E - TLS Derive d Key: G,RTLS Key Derivati onEVP_KDF_SUSE_FIPS_INDICAT OR_APPROVEDShared secretTLS Derive d Key
Passwor d-based Key Derivati onDerive a key from a passwo rdCrypto Officer - Passwo rd or passph rase: W,E - PBKDF DerivePasswor d-based Key Derivati onEVP_KDF_SUSE_FIPS_INDICAT OR_APPROVEDPasswo rd or passph rasePBKDF Derive d Key
Shared Secret Comput ation with DHComput e a shared secretCrypto Officer - DH Private key: W,E - DH Public key: W,E - Shared Secret: G,RShared Secret Comput ation with DHEVP_PKEY_derive returns 1DH private key, DH public key (peer)Shared secret
Shared Secret Comput ation with ECDHComput e a shared secretCrypto Officer - EC Private key: W,E - EC Public key: W,E - Shared Secret: G,RShared Secret Comput ation with ECDHEVP_PKEY_derive returns 1EC private key, EC public key (peer)Shared secret
Shared Secret Comput ation with RSAComput e a shared secretCrypto Officer - RSA private key: W,E - RSA public key: W,E - Shared Secret: G,RShared Secret Comput ation with RSAEVP_PKEY_derive returns 1RSA private key, RSA public key (peer)Shared secret
Asymm etric Encrypti onPerform RSA- based encrypt ion (compli ant with SP 800- 56B Rev. 2))Crypto Officer - RSA public key: W,EAsymm etric Encrypti on with RSAEVP_PKEY_encrypt returns 1RSA public key (peer), plainte xt keyEncaps ulated key
Asymm etric Decrypti onPerform RSA- based decrypt ion (compli ant with SP 800- 56B Rev. 2))Crypto Officer - RSA private key: W,EAsymm etric Decrypti on with RSAEVP_PKEY_decrypt returns 1RSA private key (owner) , encaps ulated keyPlainte xt key
Signatur e Generat ionGenera te a digital signatu reCrypto Officer - RSA private key: W,E - EC Private key: W,ESignatur e Generat ionEVP_SIGNATURE_SUSE_FIPS_I NDICATOR_APPROVEDMessag e, private keySignatu re
Signatur e Verificat ionVerify a digital signatu reCrypto Officer - RSA public key: W,E - EC Public key: W,ESignatur e Verificat ionEVP_SIGNATURE_SUSE_FIPS_I NDICATOR_APPROVEDMessag e, public key, signatu rePass/fai l
Key Pair Generat ionGenera te a key pairCrypto Officer - Module - genera ted RSA private key: G,R - Module - genera ted DH Private key: G,R - Module - genera ted RSA public key: G,R - Module - genera ted DH Public key: G,R - Module - genera ted EC Private key: G,R - Module - generaKey Pair Generat ion with RSA Key Pair Generat ion with ECDSA Key Pair Generat ion with Safe PrimesEVP_PKEY_Generate returns 1Group or Curve or Modulu s bitsDH key pair; EC key pair; RSA key pair
Key Pair Verificat ion with Safe PrimesVerify a key pair generat ed with Safe PrimesCrypto Officer - DH Public key: W,E - DH Private key: W,EKey Pair Verificat ion with Safe PrimesEVP_PKEY_public_check or EVP_PKEY_private_check or EVP_PKEY_check returns 1Key pairPass/fai l
Key Pair Verificat ion with ECDSAVerify a key pair generat ed with ECDSACrypto Officer - EC Public key: W,E - EC Private key: W,EKey Pair Verificat ion with ECDSAEVP_PKEY_public_check or EVP_PKEY_private_check or EVP_PKEY_check returns 1Key pairPass/fai l
Key Pair Verificat ion with RSAVerify a key pair generat ed with RSACrypto Officer - RSA public key: W,E - RSA private key: W,EEVP_PKEY_public_check or EVP_PKEY_private_check or EVP_PKEY_check returns 1Key pairPass/fai l
Random Number Generat ionGenera te random bytesCrypto Officer - Entrop y input: W,E - DRBG interna l state (V value, C value): G,W,E - DRBG interna l state (V value, Key): G,W,E - DRBG seed: G,W,ERandom Number Generat ionEVP_RAND_generate returns 1Output lengthRando m bytes
Show statusShow the current status of the moduleCrypto OfficerNoneNoneN/AModule status
Show module name and versionShow module name and the version of the moduleCrypto OfficerNoneNoneN/AName and version informa tion
Self-testPerform CASTs and integrit y testCrypto OfficerMessag e digest Messag e Authent ication CodeNoneN/APass/fai l result of self- tests

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module

4 Roles, Services, and Authentication

N/A for this module. The module does not support authentication methods.

4.2 Roles

Table 13: Roles The module supports the Crypto Officer role only. This sole role is implicitly and always assumed by the operator of the module when performing a service. The module does not support multiple concurrent operators.

4.3 Approved Services

y s t W,E W,E © 2025 SUSE, LLC/atsec information security corporation.

Page 72

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s W,E W,E e ea e W,E W,E ea E e e keyderivati Keyderivati W,E © 2025 SUSE, LLC/atsec information security corporation.

Page 73

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s G,R W,E G,R W,E G,R W,E G,R W,E G,R © 2025 SUSE, LLC/atsec information security corporation.

Page 74

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s p p p p W,E p G,R p p p p W,E p G,R W,E G,R W,E © 2025 SUSE, LLC/atsec information security corporation.

Page 75

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s G,R ea W,E W,E G,R ea W,E W,E G,R ea W,E W,E G,R © 2025 SUSE, LLC/atsec information security corporation.

Page 76

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s RSAbased 80056B W,E RSAbased 80056B , W,E e e, e W,E W,E e e, l e W,E W,E © 2025 SUSE, LLC/atsec information security corporation.

Page 77

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s G,R G,R G,R G,R G,R © 2025 SUSE, LLC/atsec information security corporation.

Page 78

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s G,R G,E,Z l W,E W,E l W,E W,E l W,E W,E © 2025 SUSE, LLC/atsec information security corporation.

Page 79

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s m y W,E (V C G,W,E (V G,W,E G,W,E N/A N/A N/A of selftests e © 2025 SUSE, LLC/atsec information security corporation.

Page 80

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s e e p © 2025 SUSE, LLC/atsec information security corporation.

Page 81
Service
NameDescriptionRole AccessCsps AccessedIndicatorInputOutput
Zeroizat ionZeroize SSPs.NoneCrypto Officer - AES key: Z - HMAC key: Z - RSA private key: Z - RSA public key: Z - DH Private key: ZNoneAny SSPN/A

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s N/A © 2025 SUSE, LLC/atsec information security corporation.

Page 82

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s Z Z Z Z Z Z p © 2025 SUSE, LLC/atsec information security corporation.

Page 83

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s Z p Z Z Z y Z (V C Z (V Z Table 14: Approved Services © 2025 SUSE, LLC/atsec information security corporation.

Page 84
Service
NameDescriptionRolesRole AccessApproved Functions
OSSL_CIPHER_PARAM_SUSE_FIPS_INDICATOREVP_CIPHER_CTX
OSSL_MAC_PARAM_SUSE_FIPS_INDICATOREVP_MAC_CTX
OSSL_KDF_PARAM_SUSE_FIPS_INDICATOREVP_KDF_CTX
OSSL_SIGNATURE_PARAM_SUSE_FIPS_INDICATOREVP_PKEY_CTX
AES GCM (external IV)Authenticated EncryptionCOAES GCM (external IV)
HMAC (< 112- bit keys)Compute a MAC tagCOHMAC (< 112-bit keys)
Key derivationDerive a key from a key- derivation key or a shared secretCOKBKDF, KDA OneStep, KDA TwoStep, HKDF, ANS X9.42 KDF, ANS X9.63 KDF (< 112-bit keys) KDA OneStep, KDA TwoStep (SHAKE128, SHAKE256) ANS X9.42 KDF (SHAKE128, SHAKE256) ANS X9.63 KDF (SHA-1, SHAKE128, SHAKE256) SSH KDF (SHA-512/224, SHA-
Service
NameDescriptionRolesRole AccessApproved Functions
OSSL_CIPHER_PARAM_SUSE_FIPS_INDICATOREVP_CIPHER_CTX
OSSL_MAC_PARAM_SUSE_FIPS_INDICATOREVP_MAC_CTX
OSSL_KDF_PARAM_SUSE_FIPS_INDICATOREVP_KDF_CTX
OSSL_SIGNATURE_PARAM_SUSE_FIPS_INDICATOREVP_PKEY_CTX
AES GCM (external IV)Authenticated EncryptionCOAES GCM (external IV)
HMAC (< 112- bit keys)Compute a MAC tagCOHMAC (< 112-bit keys)
Key derivationDerive a key from a key- derivation key or a shared secretCOKBKDF, KDA OneStep, KDA TwoStep, HKDF, ANS X9.42 KDF, ANS X9.63 KDF (< 112-bit keys) KDA OneStep, KDA TwoStep (SHAKE128, SHAKE256) ANS X9.42 KDF (SHAKE128, SHAKE256) ANS X9.63 KDF (SHA-1, SHAKE128, SHAKE256) SSH KDF (SHA-512/224, SHA-

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module The module provides services to operators that assume the available role. All services are described in detail in the API documentation (manual pages). The convention below applies when specifying the access permissions (types) that the service has for each SSP.

4.4 Non-Approved Services

© 2025 SUSE, LLC/atsec information security corporation.

Page 85
Service
NameDescriptionRolesApproved Functions
PBKDF2 (< 112-bit keys)Derive a key from a passwordCOPBKDF2 (< 8 characters password; < 128 salt length; < 1000 iterations; < 112-bit keys)
Signature generationGenerate a signatureCORSA and ECDSA (pre-hashed message) RSA-PSS (invalid salt length: FIPS 186-5, section 5.4, item(g))
Signature verificationVerify a signatureCORSA and ECDSA (pre-hashed message) RSA-PSS (invalid salt length: FIPS 186-5, section 5.4, item(g))

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Table 16: Non-Approved Services The table above lists the non-approved services in this module, the algorithms involved and the roles that can request the service. In this table, CO specifies the Crypto Officer role.

4.5 External Software/Firmware Loaded

The module does not load external software or firmware. © 2025 SUSE, LLC/atsec information security corporation.

Page 86

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module

5 Software/Firmware Security
5.1 Integrity Techniques

The integrity of the module is verified by comparing a HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time. The module performs a KAT for the HMAC SHA-256 algorithm in order to test its proper operation before performing the checksum of the fips.so file.

5.2 Initiate on Demand

Integrity tests are performed as part of the pre-operational self-tests, which are executed when the module is initialized. The integrity test may be invoked on-demand by unloading and subsequently re-initializing the module, or by calling the OSSL_PROVIDER_self_test function. This will perform (among others) the software integrity test. © 2025 SUSE, LLC/atsec information security corporation.

Page 87

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module

6 Operational Environment
6.1 Operational Environment Type and Requirements

Type of Operational Environment: Modifiable How Requirements are Satisfied: Any SSPs contained within the module are protected by the process isolation and memory separation mechanisms, and only the module has control over these SSPs.

6.2 Configuration Settings and Restrictions

The module shall be installed as stated in Section 11 Life-Cycle Assurance. If properly installed, the operating system provides process isolation and memory protection mechanisms that ensure appropriate separation for memory access among the processes on the system. Each process has control over its own data and uncontrolled access to the data of other processes is prevented. Instrumentation tools like the ptrace system call, gdb and strace, userspace live patching, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environment. The use of any of these tools implies that the cryptographic module is running in a non-validated operational environment. © 2025 SUSE, LLC/atsec information security corporation.

Page 88

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module

7 Physical Security

The module is comprised of software only and therefore this Section is Not Applicable (N/A). © 2025 SUSE, LLC/atsec information security corporation.

Page 89

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module

8 Non-Invasive Security

This module does not implement any non-invasive security mechanism, and therefore this Section is not applicable. © 2025 SUSE, LLC/atsec information security corporation.

Page 90
Sensitive security parameter
NameTypeDescription
RAMDynamicTemporary storage for SSPs used by the module as part of service execution. SSPs are stored until they are zeroized by the operator (using a zeroization call or removing power from the module) or zeroized automatically
Service
NameApproved FunctionsTypeFromToDistributio n Type
API input parameter sElectroni cPlaintex tOperator calling application (TOEPP)Cryptographi c moduleManual
API output parameter sElectroni cPlaintex tCryptographi c moduleOperator calling application (TOEPP)Manual
ZeroizationDescriptionRationaleOperator
MethodInitiation
Free cipher handleZeroizes the SSPs contained within the cipher handle.By calling the appropriate zeroization functions: AES key: EVP_CIPHER_CTX_free and EVP_MAC_CTX_free; HMAC key: EVP_MAC_CTX_free; Key-derivation key:By calling the cipher related zeroization API

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module

9 Sensitive Security Parameters Management
9.1 Storage Areas

Table 17: Storage Areas The module does not perform persistent storage of SSPs. The SSPs are temporarily stored in the RAM in plaintext form.

9.2 SSP Input-Output Methods

s t c s t c m Table 18: SSP Input-Output Methods on the same operational environment. This corresponds to manual distribution, electronic entry/output (“CM Software to/from App via TOEPP Path”) per FIPS 140-3 IG 9.5.A Table 1. There is no entry or output of cryptographically protected SSPs.

9.3 SSP Zeroization Methods

© 2025 SUSE, LLC/atsec information security corporation.

Page 91
Sensitive security parameter
NameDescriptionZeroization
Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable.Automatically zeroized by the module when no longer neededAutomaticN/A
Volatile memory used by the module is overwritten within nanoseconds when power is removed.De-allocates the volatile memory used to store SSPsModule ResetBy unloading and reloading the module

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module N/A Table 19: SSP Zeroization Methods The application that uses the module is responsible for the appropriate zeroization of SSPs. The module provides key allocation and destruction functions, which overwrites the memory Memory allocation of SSPs is performed by the OPENSSL_malloc() API call and the application in use of the module is responsible for the calling of the appropriate zeroization functions from the OpenSSL API. The zeroization functions then overwrite the memory OPENSSL_cleanse() should be used to overwrite sensitive data such as private keys. All data output is inhibited during zeroization. © 2025 SUSE, LLC/atsec information security corporation.

Page 92
Sensitive security parameter
NameTypeDescriptionStrengthGenerationEstablishmentUse
AES keySymmetri c key - CSPAES key used for encryption, decryption, and computing MAC tagsAES-XTS: 256, 512 bits; Other modes: 128, 192, 256 bits - AES-XTS: 128, 256 bits; Other modes: 128, 192, 256 bitsSymmetric Encryption with AES Symmetric Decryption with AES Authentica ted Symmetric Encryption Authentica ted Symmetric Decryption
HMAC keySymmetri c key - CSPHMAC key used for computing MAC tags112- 524288 bits - 112- 256 bitsMessage Authentica tion Code
Module- generate d RSA private keyPrivate key - CSPRSA private key generated by the module2048- 15360 bits - 112- 256 bitsKey Pair Generati on with RSAKey Pair Generation with RSA
Module- generate d RSA public keyPublic key - PSPRSA public key generated by the module2048- 15360 bits - Key pair generatio n: 112- 256 bitsKey Pair Generati on with RSAKey Pair Generation with RSA
RSA private keyPrivate key - CSPRSA private key written to the module2048- 16384 bits - 112- 256 bitsSignature Generation Shared Secret Computati on with RSA Asymmetri c Decryption with RSA
RSA public keyPublic key - PSPRSA public key written to the moduleSignature verificatio n: 1024- 16384 bits; Others: 2048- 16384 bits - Signature verificatio n: 80-256 bits; Others: 112-256 bitsSignature Verification Shared Secret Computati on with RSA Asymmetri c Encryption with RSA
Module- generate d DH Private keyPrivate key - CSPDH Private key generated by the module2048- 8192 bits - 112-200 bitsKey Pair Generati on with Safe PrimesKey Pair Generation with Safe Primes
Module- generate d DH Public keyPublic key - PSPDH Public key generated by the module2048- 8192 bits - 112-200 bitsKey Pair Generati on with Safe PrimesKey Pair Generation with Safe Primes
DH Private keyPrivate key - CSPDH Private key written to the module2048- 8192 bits - 112-200 bitsShared Secret Computati on with DH Key Pair Verification with Safe Primes
DH Public keyPublic key - PSPDH Public key written to the module2048- 8192 bits - 112-200 bitsShared Secret Computati on with DH Key Pair Verification with Safe Primes
Module- generate d EC Private keyPrivate key - CSPEC Private key generated by the moduleP-224, P- 256, P- 384, P- 521 bits - 112, 128, 192, 256 bitsKey Pair Generati on with ECDSAKey Pair Generation with ECDSA
Module- generate d EC Public keyPublic key - PSPEC Public key generated by the moduleP-224, P- 256, P- 384, P- 521 bits - 112, 128, 192, 256 bitsKey Pair Generati on with ECDSAKey Pair Generation with ECDSA
EC Private keyPrivate key - CSPEC Private key written the module and used by ECDSA and ECDHP-224, P- 256, P- 384, P- 521 bits - 112, 128, 192, 256 bitsShared Secret Computati on with ECDH Signature Generation Key Pair Verification with ECDSA
EC Public keyPublic key - PSPEC Public key written the module and used by ECDSA and ECDHP-224, P- 256, P- 384, P- 521 bits - 112, 128, 192, 256 bitsSignature Verification Shared Secret Computati on with ECDH Key Pair Verification with ECDSA
Key Derivatio n KeySymmetri c key - CSPSymmetric key used to derive symmetric keys112-4096 bits - 112- 256 bitsKey Derivation with KBKDF
KBKDF Derived KeySymmetri c key - CSPSymmetric key derived from a112-4096 bits - 112- 256 bitsKey DerivatioKey Derivation
key-derivation keykey-derivation keyn with KBKDFwith KBKDF
HKDF Derived KeySymmetri c key - CSPSymmetric key derived from a shared secret112-4096 bits - 112- 256 bitsKey Derivatio n with HKDFKey Derivation with HKDF
SSH Derived KeySymmetri c key - CSPSymmetric key derived from a shared secret112-4096 bits - 112- 256 bitsKey Derivatio n with SSH KDFKey Derivation with SSH KDF
X9.63 Derived KeySymmetri c key - CSPSymmetric key derived from a shared secret112-4096 bits - 112- 256 bitsKey Derivatio n with X9.63 KDFKey Derivation with X9.63 KDF
X9.42 Derived KeySymmetri c key - CSPSymmetric key derived from a shared secret112-4096 bits - 112- 256 bitsKey Derivatio n with X9.42 KDFKey Derivation with X9.42 KDF
Password or passphra sePassword - CSPPassword or passphrase used by PBKDF to derive symmetric keys8-128 character s - N/APassword- based Key Derivation
PBKDF Derived KeySymmetri c key - CSPKey derived from PBKDF password/passp hrase during key derivation112-4096 bits - 112- 256 bitsPasswor d-based Key Derivatio nPassword- based Key Derivation
KDA OneStep Derived KeySymmetri c key - CSPSymmetric key derived from a shared secret112-4096 bits - 112- 256 bitsKey Derivatio n with KDA OneStepKey Derivation with KDA OneStep
KDA TwoStep Derived KeySymmetri c key - CSPSymmetric key derived from a shared secret112-4096 bits - 112- 256 bitsKey Derivatio n with KDA TwoStepKey Derivation with KDA TwoStep
TLS Derived KeySymmetri c key - CSPDerived key used in Transport Layer Security (TLS) network protocol112-4096 bits - 112- 256 bitsTLS Key Derivatio n
Shared SecretShared Secret - CSPShared secret generated by ECDH/DH/RSA shared secret computation224-8912 bits - 112- 256 bitsShared Secret Computat ion with DH Shared Secret Computat ion with ECDH Shared Secret Computat ion with RSAKey Derivation with KDA OneStep Key Derivation with KDA TwoStep Key Derivation with X9.42 KDF Key Derivation with X9.63 KDF Key Derivation with SSH KDF Key Derivation with HKDF Shared Secret Computati on with DH Shared Secret Computati on with ECDH Shared Secret Computati on with RSA
Entropy inputEntropy Input - CSPEntropy input string used to seed the DRBG128-384 bits - 128- 256 bitsRandom Number Generation
DRBG seedSeed - CSPDRBG seed derived from entropy input (IG D.L compliant)CTR_DRB G: 256, 320, 384 bits; Hash_DRB G: 440, 888 bits; HMAC_DR BG: 160, 256, 512 bits - CTR_DRB G: 128, 192, 256 bits; HMAC_DR BG, Hash_DRB G: 128, 256 bitsRandom Number Generati onRandom Number Generation
DRBG internal state (V value, C value)Internal state - CSPInternal state of the Hash_DRBG (IG D.L compliant)880, 1776 bits - 128, 256 bitsRandom Number Generati onRandom Number Generation
DRBG internal state (V value, Key)Internal state - CSPInternal state of the CTR_DRBG and HMAC_DRBG (IG D.L compliant)CTR_DRB G: 256, 320, 384 bits; HMAC_DR BG: 320, 512, 1024 bits - CTR_DRB G: 128, 192, 256 bits; HMAC_DR BG: 128, 256 bitsRandom Number Generati onRandom Number Generation
Intermedi ate keyIntermedi ate value - CSPIntermediate key pair generation112- 15360Key Pair Generati on withKey Pair Generation with RSA

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module

9.4 SSPs

y 112524288 bits - 112256 bits Modulegenerate 204815360 bits - 112256 bits Modulegenerate 204815360 n: 112256 bits 204816384 bits - 112256 bits c © 2025 SUSE, LLC/atsec information security corporation.

Page 93

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y n: 102416384 204816384 Modulegenerate

20488192 bits
20488192 bits
20488192 bits
20488192 bits

c © 2025 SUSE, LLC/atsec information security corporation.

Page 94

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y Modulegenerate P-224, P256, P384, P521 bits 112, 128, Modulegenerate P-224, P256, P384, P521 bits 112, 128, P-224, P256, P384, P521 bits 112, 128, P-224, P256, P384, P521 bits 112, 128, bits - 112256 bits bits - 112256 bits © 2025 SUSE, LLC/atsec information security corporation.

Page 95

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y bits - 112256 bits bits - 112256 bits bits - 112256 bits bits - 112256 bits s - N/A bits - 112256 bits n Passwordbased Key bits - 112256 bits bits - 112256 bits Passwordbased Key © 2025 SUSE, LLC/atsec information security corporation.

Page 96

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y bits - 112256 bits n bits - 112256 bits bits - 128256 bits © 2025 SUSE, LLC/atsec information security corporation.

Page 97

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y 11215360 © 2025 SUSE, LLC/atsec information security corporation.

Page 98
Sensitive security parameter
NameDescriptionStrengthGenerationStorageZeroizationUseInputStorage DurationRelated SSPs
generatio n valuevalue generated during key generation and key derivation services (SP 800-133 Rev. 2 Section 4, 5.1, and 5.2)bits - 112- 256 bitsRSA Key Pair Generati on with ECDSA Key Pair Generati on with Safe PrimesKey Pair Generation with ECDSA Key Pair Generation with Safe Primes
AES keyRAM:Plaintex tFree cipher handle Module ResetAPI input parameter sFrom service invocation until cipherhandl e is freed
HMAC keyRAM:Plaintex tFree cipher handle Module ResetAPI input parameter sFrom service invocation until cipherhandl e is freed
Module- generated RSA private keyRAM:Plaintex tFree cipher handle Module ResetAPI output parameter sFrom service invocation until cipherhandl e is freedModule-generated RSA public key:Paired With Intermediate key generation value:Generated From
Module- generated RSA public keyRAM:Plaintex tFree cipher handle Module ResetAPI output parameter sFrom service invocation until cipherhandl e is freedModule-generated RSA private key:Paired With Intermediate key generation value:Generated From
Sensitive security parameter
NameDescriptionStrengthGenerationStorageZeroizationUseInputStorage DurationRelated SSPs
generatio n valuevalue generated during key generation and key derivation services (SP 800-133 Rev. 2 Section 4, 5.1, and 5.2)bits - 112- 256 bitsRSA Key Pair Generati on with ECDSA Key Pair Generati on with Safe PrimesKey Pair Generation with ECDSA Key Pair Generation with Safe Primes
AES keyRAM:Plaintex tFree cipher handle Module ResetAPI input parameter sFrom service invocation until cipherhandl e is freed
HMAC keyRAM:Plaintex tFree cipher handle Module ResetAPI input parameter sFrom service invocation until cipherhandl e is freed
Module- generated RSA private keyRAM:Plaintex tFree cipher handle Module ResetAPI output parameter sFrom service invocation until cipherhandl e is freedModule-generated RSA public key:Paired With Intermediate key generation value:Generated From
Module- generated RSA public keyRAM:Plaintex tFree cipher handle Module ResetAPI output parameter sFrom service invocation until cipherhandl e is freedModule-generated RSA private key:Paired With Intermediate key generation value:Generated From

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module bits - 112256 bits y Table 20: SSP Table 1 n s t s t Modulegenerated s t Modulegenerated s t © 2025 SUSE, LLC/atsec information security corporation.

Page 99
Sensitive security parameter
NameStorageZeroizationInputRelated SSPs
RSA private keyRAM:Plaintex tFree cipher handle Module ResetAPI input parameter sFrom service invocation until cipherhandl e is freedRSA public key:Paired With
RSA public keyRAM:Plaintex tFree cipher handle Module ResetAPI input parameter sFrom service invocation until cipherhandl e is freedRSA private key:Paired With
Module- generated DH Private keyRAM:Plaintex tFree cipher handle Module ResetAPI output parameter sFrom service invocation until cipherhandl e is freedModule-generated DH Public key:Paired With Intermediate key generation value:Generated From
Module- generated DH Public keyRAM:Plaintex tFree cipher handle Module ResetAPI output parameter sFrom service invocation until cipherhandl e is freedModule-generated DH Private key:Paired With Intermediate key generation value:Generated From
DH Private keyRAM:Plaintex tFree cipher handle Module ResetAPI input parameter sFrom service invocation until cipherhandl e is freedDH Public key:Paired With
DH Public keyRAM:Plaintex tFree cipher handle Module ResetAPI input parameter sFrom service invocation until cipherhandl e is freedDH Private key:Paired With
Module- generated EC Private keyRAM:Plaintex tFree cipher handle Module ResetAPI output parameter sFrom service invocation untilModule-generated EC Public key:Paired With Intermediate key generation

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module n s t s t Modulegenerated s t Modulegenerated s t s t s t Modulegenerated s t © 2025 SUSE, LLC/atsec information security corporation.

Page 100
Sensitive security parameter
NameGenerationStorageZeroizationInputCipherhandl e is freed
Module- generated EC Public keyModule-generated EC private key:Paired With Intermediate key generation value:Generated FromRAM:Plaintex tFree cipher handle Module ResetAPI output parameter sFrom service invocation until cipherhandl e is freed
EC Private keyEC Public key:Paired WithRAM:Plaintex tFree cipher handle Module ResetAPI input parameter sFrom service invocation until cipherhandl e is freed
EC Public keyEC private key:Paired WithRAM:Plaintex tFree cipher handle Module ResetAPI input parameter sFrom service invocation until cipherhandl e is freed
Key Derivation KeyKBKDF Derived Key:DerivesRAM:Plaintex tFree cipher handle Module ResetAPI input parameter sFrom service invocation until cipherhandl e is freed
KBKDF Derived KeyKey-derivation key:Derived FromRAM:Plaintex tFree cipher handle Module ResetAPI output parameter sFrom service invocation until cipherhandl e is freed
HKDF Derived KeyShared secret:Derived FromRAM:Plaintex tFree cipher handle Module ResetAPI output parameter sFrom service invocation until cipherhandl e is freed
SSH Derived KeyShared secret:Derived FromRAM:Plaintex tFree cipher handle Module ResetAPI output parameter sFrom service invocation until
X9.63 Derived KeyShared secret:Derived FromRAM:Plaintex tFree cipher handle Module ResetAPI output parameter sFrom service invocation until cipherhandl e is freed
X9.42 Derived KeyShared secret:Derived FromRAM:Plaintex tFree cipher handle Module ResetAPI output parameter sFrom service invocation until cipherhandl e is freed
Password or passphrasePBKDF Derived Key:DerivesRAM:Plaintex tFree cipher handle Module ResetAPI input parameter sFrom service invocation until cipherhandl e is freed
PBKDF Derived KeyPassword or passphrase:Derive d FromRAM:Plaintex tFree cipher handle Module ResetAPI output parameter sFrom service invocation until cipherhandl e is freed
KDA OneStep Derived KeyShared secret:Derived FromRAM:Plaintex tFree cipher handle Module ResetAPI output parameter sFrom service invocation until cipherhandl e is freed
KDA TwoStep Derived KeyShared secret:Derived FromRAM:Plaintex tFree cipher handle Module ResetAPI output parameter sFrom service invocation until cipherhandl e is freed
TLS Derived KeyShared Secret:Derived FromRAM:Plaintex tFree cipher handle Module ResetAPI output parameter sFrom service invocation until
Shared SecretDH private key:Established By DH public key:Established By EC private key:Established By EC public key:Established By HKDF Derived Key:Derives KDA OneStep Derived Key:Derives KDA TwoStep Derived Key:Derives TLS Derived Key:Derives SSH Derived Key:Derives X9.63 Derived Key:Derives X9.42 Derived Key:Derives RSA private key:Established By RSA public key:Established ByRAM:Plaintex tFree cipher handle Module ResetAPI input parameter s API output parameter sFrom service invocation until cipherhandl e is freed
Entropy inputDRBG seed:DerivesRAM:Plaintex tAutomatic Module ResetFrom generation until DRBG seed is created
DRBG seedEntropy input:Derived From DRBG internal state (V value, C value):Generates DRBG internal state (V value, Key):GeneratesRAM:Plaintex tAutomatic Module ResetWhile the DRBG is instantiated

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module n Modulegenerated s t s t s t s t s t s t s t © 2025 SUSE, LLC/atsec information security corporation.

Page 101

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module n s t s t s t s t s t s t s t © 2025 SUSE, LLC/atsec information security corporation.

Page 102

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module n s s t t t © 2025 SUSE, LLC/atsec information security corporation.

Page 103
Sensitive security parameter
NameStorageZeroizationRelated SSPs
DRBG internal state (V value, C value)RAM:Plaintex tFree cipher handle Module ResetFrom DRBG instantiatio n until DRBG terminationDRBG seed:Generated From
DRBG internal state (V value, Key)RAM:Plaintex tFree cipher handle Module ResetFrom DRBG instantiatio n until DRBG terminationDRBG seed:Generated From
Intermediat e key generation valueRAM:Plaintex tAutomaticFrom service invocation until cipherhandl e is freedDH private key:Generates DH public key:Generates EC private key:Generates EC public key:Generates RSA private key:Generates RSA public key:Generates

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module n t t t Table 21: SSP Table 2

9.5 Transitions

The SHA-1 algorithm as implemented by the module will be non-approved for all purposes, starting January 1, 2031. © 2025 SUSE, LLC/atsec information security corporation.

Page 104
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicator
HMAC- SHA2-256 (A5868)HMAC- SHA2-256 (A5868)Message authenticationSW/FW IntegrityIntegrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time.256-bits keyModule becomes operational and services are available for use
HMAC- SHA2-256 (A5864)HMAC- SHA2-256 (A5864)Message authenticationSW/FW IntegrityIntegrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time.256-bits keyModule becomes operational and services are available for use
HMAC- SHA2-256 (A5876)HMAC- SHA2-256 (A5876)Message authenticationSW/FW IntegrityIntegrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time.256-bits keyModule becomes operational and services are available for use
HMAC- SHA2-256 (A5877)HMAC- SHA2-256 (A5877)Message authenticationSW/FW IntegrityIntegrity test of the shared library component of the256-bits keyModule becomes operational

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module

10 Self-Tests
10.1 Pre-Operational Self-Tests

HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 © 2025 SUSE, LLC/atsec information security corporation.

Page 105
Service
NameRole AccessApproved FunctionsTypePropertiesTest Method
Module becomes operational and services are available for useIntegrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time.HMAC- SHA2-256 (A5878)SW/FW Integrity256-bits keyMessage authentication
Module becomes operational and services are available for useIntegrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time.HMAC- SHA2-256 (A5879)SW/FW Integrity256-bits keyMessage authentication
Module becomes operational and services are available for useIntegrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file thatHMAC- SHA2-256 (A5883)SW/FW Integrity256-bits keyMessage authentication

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 © 2025 SUSE, LLC/atsec information security corporation.

Page 106
Self test
NameAlgorithm Or TestTest MethodTest TypeDetailsIndicatorConditions
HMAC- SHA2-256 (A5889)HMAC- SHA2-256 (A5889)Message authenticationSW/FW IntegrityIntegrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time.256-bits key MessageModule becomes operational and services are available for use
SHA-1 (A5868)SHA-1 (A5868)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA-1 (A5876)SHA-1 (A5876)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA-1 (A5877)SHA-1 (A5877)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicatorConditions
HMAC- SHA2-256 (A5889)HMAC- SHA2-256 (A5889)Message authenticationSW/FW IntegrityIntegrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time.256-bits key MessageModule becomes operational and services are available for use
SHA-1 (A5868)SHA-1 (A5868)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA-1 (A5876)SHA-1 (A5876)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA-1 (A5877)SHA-1 (A5877)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA-1 (A5878)SHA-1 (A5878)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA-1 (A5879)SHA-1 (A5879)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA-1 (A5883)SHA-1 (A5883)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA-1 (A5889)SHA-1 (A5889)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA2-512 (A5868)SHA2-512 (A5868)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA2-512 (A5876)SHA2-512 (A5876)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA2-512 (A5877)SHA2-512 (A5877)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA2-512 (A5878)SHA2-512 (A5878)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA2-512 (A5879)SHA2-512 (A5879)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA2-512 (A5883)SHA2-512 (A5883)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA2-512 (A5889)SHA2-512 (A5889)KATCASTMessage digest24-bit messageModule becomes operationalTest runs at power-on before the integrity test
HMAC- SHA2-256 (A5864)HMAC- SHA2-256 (A5864)KATCASTMessage digest256-bit keyModule becomes operationalTest runs at power-on before the integrity test
HMAC- SHA2-256 (A5868)HMAC- SHA2-256 (A5868)KATCASTMessage digest256-bit keyModule becomes operationalTest runs at power-on before the integrity test
HMAC- SHA2-256 (A5876)HMAC- SHA2-256 (A5876)KATCASTMessage digest256-bit keyModule becomes operationalTest runs at power-on before the integrity test
HMAC- SHA2-256 (A5877)HMAC- SHA2-256 (A5877)KATCASTMessage digest256-bit keyModule becomes operationalTest runs at power-on before the integrity test
HMAC- SHA2-256 (A5878)HMAC- SHA2-256 (A5878)KATCASTMessage digest256-bit keyModule becomes operationalTest runs at power-on before the integrity test
HMAC- SHA2-256 (A5879)HMAC- SHA2-256 (A5879)KATCASTMessage digest256-bit keyModule becomes operationalTest runs at power-on before the integrity test
HMAC- SHA2-256 (A5883)HMAC- SHA2-256 (A5883)KATCASTMessage digest256-bit keyModule becomes operationalTest runs at power-on before the integrity test
HMAC- SHA2-256 (A5889)HMAC- SHA2-256 (A5889)KATCASTMessage digest256-bit keyModule becomes operationalTest runs at power-on before the integrity test
SHA3-256 (A5869)SHA3-256 (A5869)KATCASTMessage digest32-bit messageModule becomes operationalTest runs at power-on before the integrity test
SHA3-256 (A5885)SHA3-256 (A5885)KATCASTMessage digest32-bit messageModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A5870)AES-GCM (A5870)KATCASTSymmetric operation256-bit key and 96-bit IV, encypt and decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A5871)AES-GCM (A5871)KATCASTSymmetric operation256-bit key and 96-bit IV, encypt and decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A5872)AES-GCM (A5872)KATCASTSymmetric operation256-bit key and 96-bit IV, encypt and decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A5873)AES-GCM (A5873)KATCASTSymmetric operation256-bit key and 96-bit IV, encypt and decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A5874)AES-GCM (A5874)KATCASTSymmetric operation256-bit key and 96-bit IV, encypt and decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A5875)AES-GCM (A5875)KATCASTSymmetric operation256-bit key and 96-bit IV, encypt and decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A5880)AES-GCM (A5880)KATCASTSymmetric operation256-bit key and 96-bit IV, encypt and decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A5881)AES-GCM (A5881)KATCASTSymmetric operation256-bit key and 96-bit IV, encypt and decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A5882)AES-GCM (A5882)KATCASTSymmetric operation256-bit key and 96-bit IV, encypt and decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A5886)AES-GCM (A5886)KATCASTSymmetric operation256-bit key and 96-bit IV, encypt and decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A5887)AES-GCM (A5887)KATCASTSymmetric operation256-bit key and 96-bit IV, encypt and decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A5888)AES-GCM (A5888)KATCASTSymmetric operation256-bit key and 96-bit IV, encypt and decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A5903)AES-GCM (A5903)KATCASTSymmetric operation256-bit key and 96-bit IV, encypt and decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A5904)AES-GCM (A5904)KATCASTSymmetric operation256-bit key and 96-bit IV, encypt and decryptModule becomes operationalTest runs at power-on before the integrity test
AES-GCM (A5905)AES-GCM (A5905)KATCASTSymmetric operation256-bit key and 96-bit IV, encypt and decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A5398)AES-ECB (A5398)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A5399)AES-ECB (A5399)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A5400)AES-ECB (A5400)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A5401)AES-ECB (A5401)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A5402)AES-ECB (A5402)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A5403)AES-ECB (A5403)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A5658)AES-ECB (A5658)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A5884)AES-ECB (A5884)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A5893)AES-ECB (A5893)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A5894)AES-ECB (A5894)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A5895)AES-ECB (A5895)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A5896)AES-ECB (A5896)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
AES-ECB (A5900)AES-ECB (A5900)KATCASTSymmetric operation128-bit key, decryptModule becomes operationalTest runs at power-on before the integrity test
RSA SigGen (FIPS186-5) (A5868)RSA SigGen (FIPS186-5) (A5868)KATCASTDigital signature generationPKCS#1 v1.5 with SHA-256 and 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigGen (FIPS186-5) (A5869)RSA SigGen (FIPS186-5) (A5869)KATCASTDigital signature generationPKCS#1 v1.5 with SHA-256 and 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigGen (FIPS186-5) (A5876)RSA SigGen (FIPS186-5) (A5876)KATCASTDigital signature generationPKCS#1 v1.5 with SHA-256 and 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigGen (FIPS186-5) (A5877)RSA SigGen (FIPS186-5) (A5877)KATCASTDigital signature generationPKCS#1 v1.5 with SHA-256 and 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigGen (FIPS186-5) (A5878)RSA SigGen (FIPS186-5) (A5878)KATCASTDigital signature generationPKCS#1 v1.5 with SHA-256 and 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigGen (FIPS186-5) (A5879)RSA SigGen (FIPS186-5) (A5879)KATCASTDigital signature generationPKCS#1 v1.5 with SHA-256 and 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigGen (FIPS186-5) (A5883)RSA SigGen (FIPS186-5) (A5883)KATCASTDigital signature generationPKCS#1 v1.5 with SHA-256 and 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigGen (FIPS186-5) (A5885)RSA SigGen (FIPS186-5) (A5885)KATCASTDigital signature generationPKCS#1 v1.5 with SHA-256 and 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigGen (FIPS186-5) (A5889)RSA SigGen (FIPS186-5) (A5889)KATCASTDigital signature generationPKCS#1 v1.5 with SHA-256 and 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigVer (FIPS186-5) (A5868)RSA SigVer (FIPS186-5) (A5868)KATCASTDigital signature verificationPKCS#1 v1.5 with SHA-256 and 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigVer (FIPS186-5) (A5869)RSA SigVer (FIPS186-5) (A5869)KATCASTDigital signature verificationPKCS#1 v1.5 with SHA-256 and 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigVer (FIPS186-5) (A5876)RSA SigVer (FIPS186-5) (A5876)KATCASTDigital signature verificationPKCS#1 v1.5 with SHA-256 and 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigVer (FIPS186-5) (A5877)RSA SigVer (FIPS186-5) (A5877)KATCASTDigital signature verificationPKCS#1 v1.5 with SHA-256 and 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigVer (FIPS186-5) (A5878)RSA SigVer (FIPS186-5) (A5878)KATCASTDigital signature verificationPKCS#1 v1.5 with SHA-256 and 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigVer (FIPS186-5) (A5879)RSA SigVer (FIPS186-5) (A5879)KATCASTDigital signature verificationPKCS#1 v1.5 with SHA-256 and 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigVer (FIPS186-5) (A5883)RSA SigVer (FIPS186-5) (A5883)KATCASTDigital signature verificationPKCS#1 v1.5 with SHA-256 and 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigVer (FIPS186-5) (A5885)RSA SigVer (FIPS186-5) (A5885)KATCASTDigital signature verificationPKCS#1 v1.5 with SHA-256 and 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
RSA SigVer (FIPS186-5) (A5889)RSA SigVer (FIPS186-5) (A5889)KATCASTDigital signature verificationPKCS#1 v1.5 with SHA-256 and 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
ECDSA SigGen (FIPS186-5) (A5868)ECDSA SigGen (FIPS186-5) (A5868)KATCASTDigital signature generationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigGen (FIPS186-5) (A5869)ECDSA SigGen (FIPS186-5) (A5869)KATCASTDigital signature generationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigGen (FIPS186-5) (A5876)ECDSA SigGen (FIPS186-5) (A5876)KATCASTDigital signature generationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigGen (FIPS186-5) (A5877)ECDSA SigGen (FIPS186-5) (A5877)KATCASTDigital signature generationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigGen (FIPS186-5) (A5878)ECDSA SigGen (FIPS186-5) (A5878)KATCASTDigital signature generationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigGen (FIPS186-5) (A5879)ECDSA SigGen (FIPS186-5) (A5879)KATCASTDigital signature generationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigGen (FIPS186-5) (A5883)ECDSA SigGen (FIPS186-5) (A5883)KATCASTDigital signature generationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigGen (FIPS186-5) (A5885)ECDSA SigGen (FIPS186-5) (A5885)KATCASTDigital signature generationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigGen (FIPS186-5) (A5889)ECDSA SigGen (FIPS186-5) (A5889)KATCASTDigital signature generationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigVer (FIPS186-5) (A5868)ECDSA SigVer (FIPS186-5) (A5868)KATCASTDigital signature verificationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigVer (FIPS186-5) (A5869)ECDSA SigVer (FIPS186-5) (A5869)KATCASTDigital signature verificationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigVer (FIPS186-5) (A5876)ECDSA SigVer (FIPS186-5) (A5876)KATCASTDigital signature verificationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigVer (FIPS186-5) (A5877)ECDSA SigVer (FIPS186-5) (A5877)KATCASTDigital signature verificationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigVer (FIPS186-5) (A5878)ECDSA SigVer (FIPS186-5) (A5878)KATCASTDigital signature verificationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigVer (FIPS186-5) (A5879)ECDSA SigVer (FIPS186-5) (A5879)KATCASTDigital signature verificationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigVer (FIPS186-5) (A5883)ECDSA SigVer (FIPS186-5) (A5883)KATCASTDigital signature verificationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigVer (FIPS186-5) (A5885)ECDSA SigVer (FIPS186-5) (A5885)KATCASTDigital signature verificationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
ECDSA SigVer (FIPS186-5) (A5889)ECDSA SigVer (FIPS186-5) (A5889)KATCASTDigital signature verificationSHA-256 and P-224, P-256, P- 384, and P- 521Module becomes operationalTest runs at power-on before the integrity test
KDF SP800- 108 (A5899)KDF SP800- 108 (A5899)KATCASTKey Derivation with KBKDFHMAC-SHA2- 256 in counter mode and 128-bit input keyModule becomes operationalTest runs at power-on before the integrity test
KDA OneStep SP800- 56Cr2 (A5897)KDA OneStep SP800- 56Cr2 (A5897)KATCASTShared secret key derivationSHA2-224 and 448-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDA TwoStep SP800- 56Cr2 (A5897)KDA TwoStep SP800- 56Cr2 (A5897)KATCASTShared secret key derivationSHA2-224 and 448-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDA HKDF SP800- 56Cr2 (A5863)KDA HKDF SP800- 56Cr2 (A5863)KATCASTShared secret key derivationSHA2-256 and 48-bit secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.42 (A5868)KDF ANS 9.42 (A5868)KATCASTANS X9.42 key derivationAES-128 KW and SHA-1 and 160-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.42 (A5869)KDF ANS 9.42 (A5869)KATCASTANS X9.42 key derivationAES-128 KW and SHA-1 and 160-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.42 (A5876)KDF ANS 9.42 (A5876)KATCASTANS X9.42 key derivationAES-128 KW and SHA-1 and 160-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.42 (A5877)KDF ANS 9.42 (A5877)KATCASTANS X9.42 key derivationAES-128 KW and SHA-1 and 160-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.42 (A5878)KDF ANS 9.42 (A5878)KATCASTANS X9.42 key derivationAES-128 KW and SHA-1 and 160-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.42 (A5879)KDF ANS 9.42 (A5879)KATCASTANS X9.42 key derivationAES-128 KW and SHA-1 and 160-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.42 (A5883)KDF ANS 9.42 (A5883)KATCASTANS X9.42 key derivationAES-128 KW and SHA-1 and 160-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.42 (A5885)KDF ANS 9.42 (A5885)KATCASTANS X9.42 key derivationAES-128 KW and SHA-1 and 160-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.42 (A5889)KDF ANS 9.42 (A5889)KATCASTANS X9.42 key derivationAES-128 KW and SHA-1 and 160-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.63 (A5868)KDF ANS 9.63 (A5868)KATCASTANS X9.63 key derivationSHA2-256 and 192-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.63 (A5869)KDF ANS 9.63 (A5869)KATCASTANS X9.63 key derivationSHA2-256 and 192-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.63 (A5876)KDF ANS 9.63 (A5876)KATCASTANS X9.63 key derivationSHA2-256 and 192-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.63 (A5877)KDF ANS 9.63 (A5877)KATCASTANS X9.63 key derivationSHA2-256 and 192-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.63 (A5878)KDF ANS 9.63 (A5878)KATCASTANS X9.63 key derivationSHA2-256 and 192-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.63 (A5879)KDF ANS 9.63 (A5879)KATCASTANS X9.63 key derivationSHA2-256 and 192-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.63 (A5883)KDF ANS 9.63 (A5883)KATCASTANS X9.63 key derivationSHA2-256 and 192-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.63 (A5885)KDF ANS 9.63 (A5885)KATCASTANS X9.63 key derivationSHA2-256 and 192-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF ANS 9.63 (A5889)KDF ANS 9.63 (A5889)KATCASTANS X9.63 key derivationSHA2-256 and 192-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF SSH (A5884)KDF SSH (A5884)KATCASTSSH KDF key derivationSHA-1 and 1056-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF SSH (A5893)KDF SSH (A5893)KATCASTSSH KDF key derivationSHA-1 and 1056-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF SSH (A5894)KDF SSH (A5894)KATCASTSSH KDF key derivationSHA-1 and 1056-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF SSH (A5895)KDF SSH (A5895)KATCASTSSH KDF key derivationSHA-1 and 1056-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF SSH (A5896)KDF SSH (A5896)KATCASTSSH KDF key derivationSHA-1 and 1056-bit input secretModule becomes operationalTest runs at power-on before the integrity test
KDF SSH (A5900)KDF SSH (A5900)KATCASTSSH KDF key derivationSHA-1 and 1056-bit input secretModule becomes operationalTest runs at power-on before the integrity test
TLS v1.2 KDF RFC7627 (A5868)TLS v1.2 KDF RFC7627 (A5868)KATCASTTLS v1.2 KDF key derivationSHA2-256 and 384-bit input secretModule becomes operationalTest runs at power-on before the integrity test
TLS v1.2 KDF RFC7627 (A5876)TLS v1.2 KDF RFC7627 (A5876)KATCASTTLS v1.2 KDF key derivationSHA2-256 and 384-bit input secretModule becomes operationalTest runs at power-on before the integrity test
TLS v1.2 KDF RFC7627 (A5877)TLS v1.2 KDF RFC7627 (A5877)KATCASTTLS v1.2 KDF key derivationSHA2-256 and 384-bit input secretModule becomes operationalTest runs at power-on before the integrity test
TLS v1.2 KDF RFC7627 (A5878)TLS v1.2 KDF RFC7627 (A5878)KATCASTTLS v1.2 KDF key derivationSHA2-256 and 384-bit input secretModule becomes operationalTest runs at power-on before the integrity test
TLS v1.2 KDF RFC7627 (A5879)TLS v1.2 KDF RFC7627 (A5879)KATCASTTLS v1.2 KDF key derivationSHA2-256 and 384-bit input secretModule becomes operationalTest runs at power-on before the integrity test
TLS v1.2 KDF RFC7627 (A5883)TLS v1.2 KDF RFC7627 (A5883)KATCASTTLS v1.2 KDF key derivationSHA2-256 and 384-bit input secretModule becomes operationalTest runs at power-on before the integrity test
TLS v1.2 KDF RFC7627 (A5889)TLS v1.2 KDF RFC7627 (A5889)KATCASTTLS v1.2 KDF key derivationSHA2-256 and 384-bit input secretModule becomes operationalTest runs at power-on before the integrity test
TLS v1.3 KDF (A5863)TLS v1.3 KDF (A5863)KATCASTTLS v1.3 KDF key derivationSHA2-256, extract and expand modesModule becomes operationalTest runs at power-on before the integrity test
PBKDF (A5868)PBKDF (A5868)KATCASTPassword- based Key DerivationSHA2-256 with 24 characters password, 288-bit salt, 4096 iterationsModule becomes operationalTest runs at power-on before the integrity test
PBKDF (A5869)PBKDF (A5869)KATCASTPassword- based Key DerivationSHA2-256 with 24 characters password, 288-bit salt, 4096 iterationsModule becomes operationalTest runs at power-on before the integrity test
PBKDF (A5876)PBKDF (A5876)KATCASTPassword- based Key DerivationSHA2-256 with 24 characters password, 288-bit salt, 4096 iterationsModule becomes operationalTest runs at power-on before the integrity test
PBKDF (A5877)PBKDF (A5877)KATCASTPassword- based Key DerivationSHA2-256 with 24 characters password, 288-bit salt, 4096 iterationsModule becomes operationalTest runs at power-on before the integrity test
PBKDF (A5878)PBKDF (A5878)KATCASTPassword- based Key DerivationSHA2-256 with 24 characters password, 288-bit salt, 4096 iterationsModule becomes operationalTest runs at power-on before the integrity test
PBKDF (A5879)PBKDF (A5879)KATCASTPassword- based Key DerivationSHA2-256 with 24 characters password,Module becomes operationalTest runs at power-on before the
288-bit salt, 4096 iterations288-bit salt, 4096 iterationsintegrity test
PBKDF (A5883)PBKDF (A5883)KATCASTPassword- based Key DerivationSHA2-256 with 24 characters password, 288-bit salt, 4096 iterationsModule becomes operationalTest runs at power-on before the integrity test
PBKDF (A5885)PBKDF (A5885)KATCASTPassword- based Key DerivationSHA2-256 with 24 characters password, 288-bit salt, 4096 iterationsModule becomes operationalTest runs at power-on before the integrity test
PBKDF (A5889)PBKDF (A5889)KATCASTPassword- based Key DerivationSHA2-256 with 24 characters password, 288-bit salt, 4096 iterationsModule becomes operationalTest runs at power-on before the integrity test
Counter DRBG (A5397)Counter DRBG (A5397)KATCASTInstantiate; Generate; Reseed (compliant to SP 800-90A Rev. 1 Section 11.3)AES-128 with derivation function and prediction resistanceModule becomes operationalTest runs at power-on before the integrity test
Hash DRBG (A5397)Hash DRBG (A5397)KATCASTInstantiate; Generate; Reseed (compliant to SP 800-90A Rev. 1 Section 11.3)SHA2-256 and prediction resistanceModule becomes operationalTest runs at power-on before the integrity test
HMAC DRBG (A5397)HMAC DRBG (A5397)KATCASTInstantiate; Generate; Reseed (compliant to SP 800-90AHMAC-SHA-1 and prediction resistanceModule becomes operationalTest runs at power-on before the integrity test
KAS-FFC- SSC Sp800- 56Ar3 (A5898)KAS-FFC- SSC Sp800- 56Ar3 (A5898)KATCASTShared secret computationffdhe2048Module becomes operationalTest runs at power-on before the integrity test
KAS-ECC- SSC Sp800- 56Ar3 (A5868)KAS-ECC- SSC Sp800- 56Ar3 (A5868)KATCASTShared secret computationP-256Module becomes operationalTest runs at power-on before the integrity test
KAS-ECC- SSC Sp800- 56Ar3 (A5876)KAS-ECC- SSC Sp800- 56Ar3 (A5876)KATCASTShared secret computationP-256Module becomes operationalTest runs at power-on before the integrity test
KAS-ECC- SSC Sp800- 56Ar3 (A5877)KAS-ECC- SSC Sp800- 56Ar3 (A5877)KATCASTShared secret computationP-256Module becomes operationalTest runs at power-on before the integrity test
KAS-ECC- SSC Sp800- 56Ar3 (A5878)KAS-ECC- SSC Sp800- 56Ar3 (A5878)KATCASTShared secret computationP-256Module becomes operationalTest runs at power-on before the integrity test
KAS-ECC- SSC Sp800- 56Ar3 (A5879)KAS-ECC- SSC Sp800- 56Ar3 (A5879)KATCASTShared secret computationP-256Module becomes operationalTest runs at power-on before the integrity test
KAS-ECC- SSC Sp800- 56Ar3 (A5883)KAS-ECC- SSC Sp800- 56Ar3 (A5883)KATCASTShared secret computationP-256Module becomes operationalTest runs at power-on before the integrity test
KAS-ECC- SSC Sp800- 56Ar3 (A5889)KAS-ECC- SSC Sp800- 56Ar3 (A5889)KATCASTShared secret computationP-256Module becomes operationalTest runs at power-on before the integrity test
Safe Primes Key Generation (A5898)Safe Primes Key Generation (A5898)PCTPCTSP 800-56A Rev. 3 Section 5.6.2.1.4N/AKey pair generation is successfulKey pair generation
RSA KeyGen (FIPS186-5) (A5868)RSA KeyGen (FIPS186-5) (A5868)PCTPCTSignature generation and verificationPKCS#1 v1.5 with SHA-256Key pair generation is sucessfulKey pair generation
RSA KeyGen (FIPS186-5) (A5876)RSA KeyGen (FIPS186-5) (A5876)PCTPCTSignature generation and verificationPKCS#1 v1.5 with SHA-256Key pair generation is sucessfulKey pair generation
RSA KeyGen (FIPS186-5) (A5877)RSA KeyGen (FIPS186-5) (A5877)PCTPCTSignature generation and verificationPKCS#1 v1.5 with SHA-256Key pair generation is sucessfulKey pair generation
RSA KeyGen (FIPS186-5) (A5878)RSA KeyGen (FIPS186-5) (A5878)PCTPCTSignature generation and verificationPKCS#1 v1.5 with SHA-256Key pair generation is sucessfulKey pair generation
RSA KeyGen (FIPS186-5) (A5879)RSA KeyGen (FIPS186-5) (A5879)PCTPCTSignature generation and verificationPKCS#1 v1.5 with SHA-256Key pair generation is sucessfulKey pair generation
RSA KeyGen (FIPS186-5) (A5883)RSA KeyGen (FIPS186-5) (A5883)PCTPCTSignature generation and verificationPKCS#1 v1.5 with SHA-256Key pair generation is sucessfulKey pair generation
RSA KeyGen (FIPS186-5) (A5889)RSA KeyGen (FIPS186-5) (A5889)PCTPCTSignature generation and verificationPKCS#1 v1.5 with SHA-256Key pair generation is sucessfulKey pair generation
ECDSA KeyGen (FIPS186-5) (A5868)ECDSA KeyGen (FIPS186-5) (A5868)PCTPCTSignature generation and verificationSHA-256Key pair generation is sucessfulKey pair generation
ECDSA KeyGen (FIPS186-5) (A5876)ECDSA KeyGen (FIPS186-5) (A5876)PCTPCTSignature generation and verificationSHA-256Key pair generation is sucessfulKey pair generation
ECDSA KeyGen (FIPS186-5) (A5877)ECDSA KeyGen (FIPS186-5) (A5877)PCTPCTSignature generation and verificationSHA-256Key pair generation is sucessfulKey pair generation
ECDSA KeyGen (FIPS186-5) (A5878)ECDSA KeyGen (FIPS186-5) (A5878)PCTPCTSignature generation and verificationSHA-256Key pair generation is sucessfulKey pair generation
ECDSA KeyGen (FIPS186-5) (A5879)ECDSA KeyGen (FIPS186-5) (A5879)PCTPCTSignature generation and verificationSHA-256Key pair generation is sucessfulKey pair generation
ECDSA KeyGen (FIPS186-5) (A5883)ECDSA KeyGen (FIPS186-5) (A5883)PCTPCTSignature generation and verificationSHA-256Key pair generation is sucessfulKey pair generation
ECDSA KeyGen (FIPS186-5) (A5889)ECDSA KeyGen (FIPS186-5) (A5889)PCTPCTSignature generation and verificationSHA-256Key pair generation is sucessfulKey pair generation
KTS-IFC (A5868)KTS-IFC (A5868)KATCASTKey encapsulation and un- encapsulationOAEP with 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
KTS-IFC (A5876)KTS-IFC (A5876)KATCASTKey encapsulation and un- encapsulationOAEP with 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
KTS-IFC (A5877)KTS-IFC (A5877)KATCASTKey encapsulation and un- encapsulationOAEP with 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
KTS-IFC (A5878)KTS-IFC (A5878)KATCASTKey encapsulation and un- encapsulationOAEP with 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
KTS-IFC (A5879)KTS-IFC (A5879)KATCASTKey encapsulation and un- encapsulationOAEP with 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
KTS-IFC (A5883)KTS-IFC (A5883)KATCASTKey encapsulation and un- encapsulationOAEP with 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
KTS-IFC (A5889)KTS-IFC (A5889)KATCASTKey encapsulation and un- encapsulationOAEP with 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
HMAC-SHA2- 256 (A5868)HMAC-SHA2- 256 (A5868)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2- 256 (A5864)HMAC-SHA2- 256 (A5864)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2- 256 (A5876)HMAC-SHA2- 256 (A5876)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2- 256 (A5877)HMAC-SHA2- 256 (A5877)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2- 256 (A5878)HMAC-SHA2- 256 (A5878)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2- 256 (A5879)HMAC-SHA2- 256 (A5879)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2- 256 (A5883)HMAC-SHA2- 256 (A5883)Message authenticationSW/FW IntegrityOn demandManually

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module HMACSHA2-256 Table 22: Pre-Operational Self-Tests The pre-operational software integrity tests are performed automatically when the module is initialized, before the module transitions into the operational state. While the module is executing the self-tests, services are not available, and data output (via the data output interface) is inhibited until the tests are successfully completed. The module transitions to the operational state only after the pre-operational self-tests are passed successfully. Prior the first use, a CAST is executed for the algorithms used in the Pre-operational SelfTests.

10.2 Conditional Self-Tests

© 2025 SUSE, LLC/atsec information security corporation.

Page 107

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 108

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 © 2025 SUSE, LLC/atsec information security corporation.

Page 109

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 © 2025 SUSE, LLC/atsec information security corporation.

Page 110

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 111

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 112

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 113

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 114

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 115

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 © 2025 SUSE, LLC/atsec information security corporation.

Page 116

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 © 2025 SUSE, LLC/atsec information security corporation.

Page 117

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 KDF SP800108 SP80056Cr2 SP80056Cr2 © 2025 SUSE, LLC/atsec information security corporation.

Page 118

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module SP80056Cr2 © 2025 SUSE, LLC/atsec information security corporation.

Page 119

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 120

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 121

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 122

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Passwordbased Key Passwordbased Key Passwordbased Key Passwordbased Key Passwordbased Key Passwordbased Key © 2025 SUSE, LLC/atsec information security corporation.

Page 123

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Passwordbased Key Passwordbased Key Passwordbased Key © 2025 SUSE, LLC/atsec information security corporation.

Page 124

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module KAS-FFCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 © 2025 SUSE, LLC/atsec information security corporation.

Page 125

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module N/A 5.6.2.1.4 © 2025 SUSE, LLC/atsec information security corporation.

Page 126

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module and unencapsulation and unencapsulation and unencapsulation and unencapsulation © 2025 SUSE, LLC/atsec information security corporation.

Page 127
Self test
NameAlgorithm Or TestTest MethodTest TypePeriodPeriodic MethodDetailsIndicatorConditions
KTS-IFC (A5879)KTS-IFC (A5879)KATCASTKey encapsulation and un- encapsulationOAEP with 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
KTS-IFC (A5883)KTS-IFC (A5883)KATCASTKey encapsulation and un- encapsulationOAEP with 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
KTS-IFC (A5889)KTS-IFC (A5889)KATCASTKey encapsulation and un- encapsulationOAEP with 2048-bit keyModule becomes operationalTest runs at power-on before the integrity test
HMAC-SHA2- 256 (A5868)HMAC-SHA2- 256 (A5868)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2- 256 (A5864)HMAC-SHA2- 256 (A5864)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2- 256 (A5876)HMAC-SHA2- 256 (A5876)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2- 256 (A5877)HMAC-SHA2- 256 (A5877)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2- 256 (A5878)HMAC-SHA2- 256 (A5878)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2- 256 (A5879)HMAC-SHA2- 256 (A5879)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2- 256 (A5883)HMAC-SHA2- 256 (A5883)Message authenticationSW/FW IntegrityOn demandManually
HMAC-SHA2- 256 (A5889)HMAC-SHA2- 256 (A5889)Message authenticationSW/FW IntegrityOn demandManually
SHA-1 (A5868)SHA-1 (A5868)KATCASTOn DemandManually
SHA-1 (A5876)SHA-1 (A5876)KATCASTOn DemandManually
SHA-1 (A5877)SHA-1 (A5877)KATCASTOn DemandManually
SHA-1 (A5878)SHA-1 (A5878)KATCASTOn DemandManually
SHA-1 (A5879)SHA-1 (A5879)KATCASTOn DemandManually
SHA-1 (A5883)SHA-1 (A5883)KATCASTOn DemandManually
SHA-1 (A5889)SHA-1 (A5889)KATCASTOn DemandManually
SHA2-512 (A5868)SHA2-512 (A5868)KATCASTOn DemandManually
SHA2-512 (A5876)SHA2-512 (A5876)KATCASTOn DemandManually
SHA2-512 (A5877)SHA2-512 (A5877)KATCASTOn DemandManually
SHA2-512 (A5878)SHA2-512 (A5878)KATCASTOn DemandManually
SHA2-512 (A5879)SHA2-512 (A5879)KATCASTOn DemandManually
SHA2-512 (A5883)SHA2-512 (A5883)KATCASTOn DemandManually
SHA2-512 (A5889)SHA2-512 (A5889)KATCASTOn DemandManually
HMAC-SHA2- 256 (A5864)HMAC-SHA2- 256 (A5864)KATCASTOn DemandManually
HMAC-SHA2- 256 (A5868)HMAC-SHA2- 256 (A5868)KATCASTOn DemandManually
HMAC-SHA2- 256 (A5876)HMAC-SHA2- 256 (A5876)KATCASTOn DemandManually
HMAC-SHA2- 256 (A5877)HMAC-SHA2- 256 (A5877)KATCASTOn DemandManually
HMAC-SHA2- 256 (A5878)HMAC-SHA2- 256 (A5878)KATCASTOn DemandManually
HMAC-SHA2- 256 (A5879)HMAC-SHA2- 256 (A5879)KATCASTOn DemandManually
HMAC-SHA2- 256 (A5883)HMAC-SHA2- 256 (A5883)KATCASTOn DemandManually
HMAC-SHA2- 256 (A5889)HMAC-SHA2- 256 (A5889)KATCASTOn demandManually
SHA3-256 (A5869)SHA3-256 (A5869)KATCASTOn DemandManually
SHA3-256 (A5885)SHA3-256 (A5885)KATCASTOn DemandManually
AES-GCM (A5870)AES-GCM (A5870)KATCASTOn DemandManually
AES-GCM (A5871)AES-GCM (A5871)KATCASTOn DemandManually
AES-GCM (A5872)AES-GCM (A5872)KATCASTOn DemandManually
AES-GCM (A5873)AES-GCM (A5873)KATCASTOn DemandManually
AES-GCM (A5874)AES-GCM (A5874)KATCASTOn DemandManually
AES-GCM (A5875)AES-GCM (A5875)KATCASTOn DemandManually
AES-GCM (A5880)AES-GCM (A5880)KATCASTOn DemandManually
AES-GCM (A5881)AES-GCM (A5881)KATCASTOn DemandManually
AES-GCM (A5882)AES-GCM (A5882)KATCASTOn DemandManually
AES-GCM (A5886)AES-GCM (A5886)KATCASTOn DemandManually
AES-GCM (A5887)AES-GCM (A5887)KATCASTOn DemandManually
AES-GCM (A5888)AES-GCM (A5888)KATCASTOn DemandManually
AES-GCM (A5903)AES-GCM (A5903)KATCASTOn DemandManually
AES-GCM (A5904)AES-GCM (A5904)KATCASTOn DemandManually
AES-GCM (A5905)AES-GCM (A5905)KATCASTOn DemandManually
AES-ECB (A5398)AES-ECB (A5398)KATCASTOn DemandManually
AES-ECB (A5399)AES-ECB (A5399)KATCASTOn DemandManually
AES-ECB (A5400)AES-ECB (A5400)KATCASTOn DemandManually
AES-ECB (A5401)AES-ECB (A5401)KATCASTOn DemandManually
AES-ECB (A5402)AES-ECB (A5402)KATCASTOn DemandManually
AES-ECB (A5403)AES-ECB (A5403)KATCASTOn DemandManually
AES-ECB (A5658)AES-ECB (A5658)KATCASTOn DemandManually
AES-ECB (A5884)AES-ECB (A5884)KATCASTOn DemandManually
AES-ECB (A5893)AES-ECB (A5893)KATCASTOn DemandManually
AES-ECB (A5894)AES-ECB (A5894)KATCASTOn DemandManually
AES-ECB (A5895)AES-ECB (A5895)KATCASTOn DemandManually
AES-ECB (A5896)AES-ECB (A5896)KATCASTOn DemandManually
AES-ECB (A5900)AES-ECB (A5900)KATCASTOn DemandManually
RSA SigGen (FIPS186-5) (A5868)RSA SigGen (FIPS186-5) (A5868)KATCASTOn DemandManually
RSA SigGen (FIPS186-5) (A5869)RSA SigGen (FIPS186-5) (A5869)KATCASTOn DemandManually
RSA SigGen (FIPS186-5) (A5876)RSA SigGen (FIPS186-5) (A5876)KATCASTOn DemandManually
RSA SigGen (FIPS186-5) (A5877)RSA SigGen (FIPS186-5) (A5877)KATCASTOn DemandManually
RSA SigGen (FIPS186-5) (A5878)RSA SigGen (FIPS186-5) (A5878)KATCASTOn DemandManually
RSA SigGen (FIPS186-5) (A5879)RSA SigGen (FIPS186-5) (A5879)KATCASTOn DemandManually
RSA SigGen (FIPS186-5) (A5883)RSA SigGen (FIPS186-5) (A5883)KATCASTOn DemandManually
RSA SigGen (FIPS186-5) (A5885)RSA SigGen (FIPS186-5) (A5885)KATCASTOn DemandManually
RSA SigGen (FIPS186-5) (A5889)RSA SigGen (FIPS186-5) (A5889)KATCASTOn DemandManually
RSA SigVer (FIPS186-5) (A5868)RSA SigVer (FIPS186-5) (A5868)KATCASTOn DemandManually
RSA SigVer (FIPS186-5) (A5869)RSA SigVer (FIPS186-5) (A5869)KATCASTOn DemandManually
RSA SigVer (FIPS186-5) (A5876)RSA SigVer (FIPS186-5) (A5876)KATCASTOn DemandManually
RSA SigVer (FIPS186-5) (A5877)RSA SigVer (FIPS186-5) (A5877)KATCASTOn DemandManually
RSA SigVer (FIPS186-5) (A5878)RSA SigVer (FIPS186-5) (A5878)KATCASTOn DemandManually
RSA SigVer (FIPS186-5) (A5879)RSA SigVer (FIPS186-5) (A5879)KATCASTOn DemandManually
RSA SigVer (FIPS186-5) (A5883)RSA SigVer (FIPS186-5) (A5883)KATCASTOn DemandManually
RSA SigVer (FIPS186-5) (A5885)RSA SigVer (FIPS186-5) (A5885)KATCASTOn DemandManually
RSA SigVer (FIPS186-5) (A5889)RSA SigVer (FIPS186-5) (A5889)KATCASTOn DemandManually
ECDSA SigGen (FIPS186-5) (A5868)ECDSA SigGen (FIPS186-5) (A5868)KATCASTOn DemandManually
ECDSA SigGen (FIPS186-5) (A5869)ECDSA SigGen (FIPS186-5) (A5869)KATCASTOn DemandManually
ECDSA SigGen (FIPS186-5) (A5876)ECDSA SigGen (FIPS186-5) (A5876)KATCASTOn DemandManually
ECDSA SigGen (FIPS186-5) (A5877)ECDSA SigGen (FIPS186-5) (A5877)KATCASTOn DemandManually
ECDSA SigGen (FIPS186-5) (A5878)ECDSA SigGen (FIPS186-5) (A5878)KATCASTOn DemandManually
ECDSA SigGen (FIPS186-5) (A5879)ECDSA SigGen (FIPS186-5) (A5879)KATCASTOn DemandManually
ECDSA SigGen (FIPS186-5) (A5883)ECDSA SigGen (FIPS186-5) (A5883)KATCASTOn DemandManually
ECDSA SigGen (FIPS186-5) (A5885)ECDSA SigGen (FIPS186-5) (A5885)KATCASTOn DemandManually
ECDSA SigGen (FIPS186-5) (A5889)ECDSA SigGen (FIPS186-5) (A5889)KATCASTOn DemandManually
ECDSA SigVer (FIPS186-5) (A5868)ECDSA SigVer (FIPS186-5) (A5868)KATCASTOn DemandManually
ECDSA SigVer (FIPS186-5) (A5869)ECDSA SigVer (FIPS186-5) (A5869)KATCASTOn DemandManually
ECDSA SigVer (FIPS186-5) (A5876)ECDSA SigVer (FIPS186-5) (A5876)KATCASTOn DemandManually
ECDSA SigVer (FIPS186-5) (A5877)ECDSA SigVer (FIPS186-5) (A5877)KATCASTOn DemandManually
ECDSA SigVer (FIPS186-5) (A5878)ECDSA SigVer (FIPS186-5) (A5878)KATCASTOn DemandManually
ECDSA SigVer (FIPS186-5) (A5879)ECDSA SigVer (FIPS186-5) (A5879)KATCASTOn DemandManually
ECDSA SigVer (FIPS186-5) (A5883)ECDSA SigVer (FIPS186-5) (A5883)KATCASTOn DemandManually
ECDSA SigVer (FIPS186-5) (A5885)ECDSA SigVer (FIPS186-5) (A5885)KATCASTOn DemandManually
ECDSA SigVer (FIPS186-5) (A5889)ECDSA SigVer (FIPS186-5) (A5889)KATCASTOn DemandManually
KDF SP800-108 (A5899)KDF SP800-108 (A5899)KATCASTOn DemandManually
KDA OneStep SP800-56Cr2 (A5897)KDA OneStep SP800-56Cr2 (A5897)KATCASTOn DemandManually
KDA TwoStep SP800-56Cr2 (A5897)KDA TwoStep SP800-56Cr2 (A5897)KATCASTOn DemandManually
KDA HKDF SP800-56Cr2 (A5863)KDA HKDF SP800-56Cr2 (A5863)KATCASTOn DemandManually
KDF ANS 9.42 (A5868)KDF ANS 9.42 (A5868)KATCASTOn DemandManually
KDF ANS 9.42 (A5869)KDF ANS 9.42 (A5869)KATCASTOn DemandManually
KDF ANS 9.42 (A5876)KDF ANS 9.42 (A5876)KATCASTOn DemandManually
KDF ANS 9.42 (A5877)KDF ANS 9.42 (A5877)KATCASTOn DemandManually
KDF ANS 9.42 (A5878)KDF ANS 9.42 (A5878)KATCASTOn DemandManually
KDF ANS 9.42 (A5879)KDF ANS 9.42 (A5879)KATCASTOn DemandManually
KDF ANS 9.42 (A5883)KDF ANS 9.42 (A5883)KATCASTOn DemandManually
KDF ANS 9.42 (A5885)KDF ANS 9.42 (A5885)KATCASTOn DemandManually
KDF ANS 9.42 (A5889)KDF ANS 9.42 (A5889)KATCASTOn DemandManually
KDF ANS 9.63 (A5868)KDF ANS 9.63 (A5868)KATCASTOn DemandManually
KDF ANS 9.63 (A5869)KDF ANS 9.63 (A5869)KATCASTOn DemandManually
KDF ANS 9.63 (A5876)KDF ANS 9.63 (A5876)KATCASTOn DemandManually
KDF ANS 9.63 (A5877)KDF ANS 9.63 (A5877)KATCASTOn DemandManually
KDF ANS 9.63 (A5878)KDF ANS 9.63 (A5878)KATCASTOn DemandManually
KDF ANS 9.63 (A5879)KDF ANS 9.63 (A5879)KATCASTOn DemandManually
KDF ANS 9.63 (A5883)KDF ANS 9.63 (A5883)KATCASTOn DemandManually
KDF ANS 9.63 (A5885)KDF ANS 9.63 (A5885)KATCASTOn DemandManually
KDF ANS 9.63 (A5889)KDF ANS 9.63 (A5889)KATCASTOn DemandManually
KDF SSH (A5884)KDF SSH (A5884)KATCASTOn DemandManually
KDF SSH (A5893)KDF SSH (A5893)KATCASTOn DemandManually
KDF SSH (A5894)KDF SSH (A5894)KATCASTOn DemandManually
KDF SSH (A5895)KDF SSH (A5895)KATCASTOn DemandManually
KDF SSH (A5896)KDF SSH (A5896)KATCASTOn DemandManually
KDF SSH (A5900)KDF SSH (A5900)KATCASTOn DemandManually
TLS v1.2 KDF RFC7627 (A5868)TLS v1.2 KDF RFC7627 (A5868)KATCASTOn DemandManually
TLS v1.2 KDF RFC7627 (A5876)TLS v1.2 KDF RFC7627 (A5876)KATCASTOn DemandManually
TLS v1.2 KDF RFC7627 (A5877)TLS v1.2 KDF RFC7627 (A5877)KATCASTOn DemandManually
TLS v1.2 KDF RFC7627 (A5878)TLS v1.2 KDF RFC7627 (A5878)KATCASTOn DemandManually
TLS v1.2 KDF RFC7627 (A5879)TLS v1.2 KDF RFC7627 (A5879)KATCASTOn DemandManually
TLS v1.2 KDF RFC7627 (A5883)TLS v1.2 KDF RFC7627 (A5883)KATCASTOn DemandManually
TLS v1.2 KDF RFC7627 (A5889)TLS v1.2 KDF RFC7627 (A5889)KATCASTOn DemandManually
TLS v1.3 KDF (A5863)TLS v1.3 KDF (A5863)KATCASTOn DemandManually
PBKDF (A5868)PBKDF (A5868)KATCASTOn DemandManually
PBKDF (A5869)PBKDF (A5869)KATCASTOn DemandManually
PBKDF (A5876)PBKDF (A5876)KATCASTOn DemandManually
PBKDF (A5877)PBKDF (A5877)KATCASTOn DemandManually
PBKDF (A5878)PBKDF (A5878)KATCASTOn DemandManually
PBKDF (A5879)PBKDF (A5879)KATCASTOn DemandManually
PBKDF (A5883)PBKDF (A5883)KATCASTOn DemandManually
PBKDF (A5885)PBKDF (A5885)KATCASTOn DemandManually
PBKDF (A5889)PBKDF (A5889)KATCASTOn DemandManually
Counter DRBG (A5397)Counter DRBG (A5397)KATCASTOn DemandManually
Hash DRBG (A5397)Hash DRBG (A5397)KATCASTOn DemandManually
HMAC DRBG (A5397)HMAC DRBG (A5397)KATCASTOn DemandManually
KAS-FFC-SSC Sp800-56Ar3 (A5898)KAS-FFC-SSC Sp800-56Ar3 (A5898)KATCASTOn DemandManually
KAS-ECC-SSC Sp800-56Ar3 (A5868)KAS-ECC-SSC Sp800-56Ar3 (A5868)KATCASTOn DemandManually
KAS-ECC-SSC Sp800-56Ar3 (A5876)KAS-ECC-SSC Sp800-56Ar3 (A5876)KATCASTOn DemandManually
KAS-ECC-SSC Sp800-56Ar3 (A5877)KAS-ECC-SSC Sp800-56Ar3 (A5877)KATCASTOn DemandManually
KAS-ECC-SSC Sp800-56Ar3 (A5878)KAS-ECC-SSC Sp800-56Ar3 (A5878)KATCASTOn DemandManually
KAS-ECC-SSC Sp800-56Ar3 (A5879)KAS-ECC-SSC Sp800-56Ar3 (A5879)KATCASTOn DemandManually
KAS-ECC-SSC Sp800-56Ar3 (A5883)KAS-ECC-SSC Sp800-56Ar3 (A5883)KATCASTOn DemandManually
KAS-ECC-SSC Sp800-56Ar3 (A5889)KAS-ECC-SSC Sp800-56Ar3 (A5889)KATCASTOn DemandManually
Safe Primes Key Generation (A5898)Safe Primes Key Generation (A5898)PCTPCTOn DemandManually
RSA KeyGen (FIPS186-5) (A5868)RSA KeyGen (FIPS186-5) (A5868)PCTPCTOn DemandManually
RSA KeyGen (FIPS186-5) (A5876)RSA KeyGen (FIPS186-5) (A5876)PCTPCTOn DemandManually
RSA KeyGen (FIPS186-5) (A5877)RSA KeyGen (FIPS186-5) (A5877)PCTPCTOn DemandManually
RSA KeyGen (FIPS186-5) (A5878)RSA KeyGen (FIPS186-5) (A5878)PCTPCTOn DemandManually
RSA KeyGen (FIPS186-5) (A5879)RSA KeyGen (FIPS186-5) (A5879)PCTPCTOn DemandManually
RSA KeyGen (FIPS186-5) (A5883)RSA KeyGen (FIPS186-5) (A5883)PCTPCTOn DemandManually
RSA KeyGen (FIPS186-5) (A5889)RSA KeyGen (FIPS186-5) (A5889)PCTPCTOn DemandManually
ECDSA KeyGen (FIPS186-5) (A5868)ECDSA KeyGen (FIPS186-5) (A5868)PCTPCTOn DemandManually
ECDSA KeyGen (FIPS186-5) (A5876)ECDSA KeyGen (FIPS186-5) (A5876)PCTPCTOn DemandManually
ECDSA KeyGen (FIPS186-5) (A5877)ECDSA KeyGen (FIPS186-5) (A5877)PCTPCTOn DemandManually
ECDSA KeyGen (FIPS186-5) (A5878)ECDSA KeyGen (FIPS186-5) (A5878)PCTPCTOn DemandManually
ECDSA KeyGen (FIPS186-5) (A5879)ECDSA KeyGen (FIPS186-5) (A5879)PCTPCTOn DemandManually
ECDSA KeyGen (FIPS186-5) (A5883)ECDSA KeyGen (FIPS186-5) (A5883)PCTPCTOn DemandManually
ECDSA KeyGen (FIPS186-5) (A5889)ECDSA KeyGen (FIPS186-5) (A5889)PCTPCTOn DemandManually
KTS-IFC (A5868)KTS-IFC (A5868)KATCASTOn demandManually
KTS-IFC (A5876)KTS-IFC (A5876)KATCASTOn demandManually
KTS-IFC (A5877)KTS-IFC (A5877)KATCASTOn demandManually
KTS-IFC (A5878)KTS-IFC (A5878)KATCASTOn demandManually
KTS-IFC (A5879)KTS-IFC (A5879)KATCASTOn demandManually
KTS-IFC (A5883)KTS-IFC (A5883)KATCASTOn demandManually
KTS-IFC (A5889)KTS-IFC (A5889)KATCASTOn demandManually

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module and unencapsulation and unencapsulation and unencapsulation Table 23: Conditional Self-Tests Data output through the data output interface is inhibited during the conditional self-tests. The module does not return control to the calling application until the tests are completed. If any of these tests fails, the module transitions to the error state (Section 10.4 Error States).

10.3 Periodic Self-Test Information

© 2025 SUSE, LLC/atsec information security corporation.

Page 128

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Table 24: Pre-Operational Periodic Information © 2025 SUSE, LLC/atsec information security corporation.

Page 129

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 130

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 131

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 132

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 133

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 134

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 135

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 136

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 137

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 138

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.

Page 139
Service
NameDescriptionRole AccessIndicator
ErrorIf the module fails any of the self- tests, the module enters the error state. In the error state, the module immediately stops functioning and ends the application processSoftware integrity test failure CAST failureOSSL_PROV_PARAM_STATUS is set to 0. Module will not load.Module reinitialization
PCT ErrorPairwise consistency test failurePCT failureModule is abortedModule reinitialization

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Table 25: Conditional Periodic Information

10.4 Error States

© 2025 SUSE, LLC/atsec information security corporation.

Page 140

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Table 26: Error States If the module fails any of the self-tests, the module enters the error state. In the error state, the module immediately stops functioning and ends the application process. Consequently, the data output interface is inhibited, and the module no longer accepts inputs or requests (as the module is no longer running).

10.5 Operator Initiation of Self-Tests

Both conditional and pre-operational self-tests can be executed on-demand by unloading and subsequently re-initializing the module, or by calling the OSSL_PROVIDER_self_test function. The pair-wise consistency tests can be invoked on demand by requesting the key pair generation service. © 2025 SUSE, LLC/atsec information security corporation.

Page 141

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module

11 Life-Cycle Assurance
11.1 Installation, Initialization, and Startup Procedures

The module is distributed as a part of the SUSE Linux Enterprise 15 SP6 OpenSSL package in the form of the libopenssl-3-fips-provider-3.1.4-150600.5.15.1 RPM package. Before the libopenssl-3-fips-provider-3.1.4-150600.5.15.1 RPM package is installed, the SUSE Linux Enterprise 15 SP6 system must operate in the FIPS validated configuration. To do so the following steps shall be performed with the root privilege:

  1. Install the needed crypto-policies scripts: # zypper in crypto-policies-scripts
  2. Set FIPS validated crypto-policies : # update-crypto-policies --set FIPS
  3. Append the following parameter in the /etc/default/grub configuration file in the GRUB_CMDLINE_LINUX_DEFAULT line: fips=1
  4. After editing the configuration file, please run the following command to change the setting in the UEFI and BIOS boot loaders: # grub2-mkconfig -o /boot/efi/EFI/sles/grub.cfg # grub2-mkconfig -o /boot/grub2/grub.cfg If /boot or /boot/efi resides on a separate partition, the kernel parameter boot=<partition of /boot or /boot/efi> must be supplied. The partition can be identified with the command "df /boot" or "df /boot/efi" respectively. For example: # df /boot Filesystem 1K-blocks Used Available Use% Mounted on /dev/sda1 233191 30454 190296 14% /boot The partition of /boot is located on /dev/sda1 in this example. Therefore, the following string needs to be appended in the aforementioned grub file: "boot=/dev/sda1"
  5. Reboot to apply these settings. Now, the operating environment is configured to support the approved mode of operation. The Crypto Officer should check the existence of the file /proc/sys/crypto/fips_enabled, and verify it contains a numeric value “1”. If the file does not exist or does not contain “1”, the operating environment is not configured to support the approved mode of operation and the module will not operate as a FIPS validated module properly.
11.2 Administrator Guidance

After the libopenssl-3-fips-provider-3.1.4-150600.5.15.1 RPM package is installed, the Crypto Officer must execute the openssl list --providers command. This command should display the base/default and FIPS providers as follows: Providers base © 2025 SUSE, LLC/atsec information security corporation.

Page 142

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module default fips name: OpenSSL Base Provider version: 3.1.4 status: active name: OpenSSL Default Provider version: 3.1.4 status: active name: SUSE Linux Enterprise - OpenSSL FIPS Provider version: 3.1.4 SUSE release 150600.5.15.1 status: active The cryptographic boundary consists only of the FIPS provider as listed. If any other OpenSSL or third-party provider is invoked, the user is not interacting with the module specified in this Security Policy.

11.3 Non-Administrator Guidance

There is no Non-Administrator Guidance.

11.4 End of Life

As the module does not persistently store SSPs, secure sanitization of the module consists of unloading the module. This will zeroize all SSPs in volatile memory. Then, if desired, the libopenssl-3-fips-provider-3.1.4-150600.5.15.1 RPM package can be uninstalled from the SUSE Linux Enterprise 15 SP6 system. © 2025 SUSE, LLC/atsec information security corporation.

Page 143

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module

12 Mitigation of Other Attacks
12.1 Attack List

Certain cryptographic subroutines and algorithms are vulnerable to timing analysis. The module claims mitigation of timing-based side-channel attacks implementing two methods, Constant-time Implementations and Numeric Blinding:

Page 144

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Appendix A. Glossary and Abbreviations AES Advanced Encryption Standard API Application Programming Interface CAST Cryptographic Algorithm Self-Test CAVP Cryptographic Algorithm Validation Program CBC Cipher Block Chaining CCM Counter with Cipher Block Chaining-Message Authentication Code CFB Cipher Feedback CKG Cryptographic Key Generation CMAC Cipher-based Message Authentication Code CMVP Cryptographic Module Validation Program CSP Critical Security Parameter CTR Counter DH Diffie-Hellman DRBG Deterministic Random Bit Generator ECB Electronic Code Book ECC Elliptic Curve Cryptography ECDH Elliptic Curve Diffie-Hellman ECDSA Elliptic Curve Digital Signature Algorithm EVP Envelope FFC Finite Field Cryptography FIPS Federal Information Processing Standards GCM Galois Counter Mode GMAC Galois Counter Mode Message Authentication Code HKDF HMAC-based Key Derivation Function HMAC Keyed-Hash Message Authentication Code IKE Internet Key Exchange KAS Key Agreement Scheme KAT Known Answer Test KBKDF Key-based Key Derivation Function KW Key Wrap KWP Key Wrap with Padding MAC Message Authentication Code NIST National Institute of Science and Technology OFB Output Feedback PAA Processor Algorithm Acceleration PCT Pair-wise Consistency Test PBKDF2 Password-based Key Derivation Function v2 PSS Probabilistic Signature Scheme RSA Rivest, Shamir, Adleman © 2025 SUSE, LLC/atsec information security corporation.

Page 145

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module SHA Secure Hash Algorithm SSC Shared Secret Computation SSH Secure Shell SSP Sensitive Security Parameter TLS Transport Layer Security XOF Extendable Output Function XTS XEX-based Tweaked-codebook mode with cipher text Stealing © 2025 SUSE, LLC/atsec information security corporation.

Page 146

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Appendix B. References ANS X9.42-2001 Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography 2001 https://webstore.ansi.org/standards/ascx9/ansix9422001 ANS X9.63-2001 Public Key Cryptography for the Financial Services Industry, Key Agreement and Key Transport Using Elliptic Curve Cryptography 2001 https://webstore.ansi.org/standards/ascx9/ansix9632001 FIPS 140-3 FIPS PUB 140-3 - Security Requirements for Cryptographic Modules March 2019 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf FIPS 140-3 IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program

23 October 2024

https://csrc.nist.gov/csrc/media/Projects/cryptographic-modulevalidation-program/documents/fips%20140-3/FIPS%201403%20IG.pdf FIPS 180-4 Secure Hash Standard (SHS) August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS 186-2 Digital Signature Standard (DSS) January 2000 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf FIPS 186-4 Digital Signature Standard (DSS) July 2013 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf © 2025 SUSE, LLC/atsec information security corporation.

Page 147

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 186-5 Digital Signature Standard (DSS) February 2023 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf FIPS 197 Advanced Encryption Standard November 2001 https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS 198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf FIPS 202 SHA-3 Standard: Permutation-Based Hash and ExtendableOutput Functions August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf RFC 3526 More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE) May 2003 https://www.ietf.org/rfc/rfc3526.txt RFC 5288 AES Galois Counter Mode (GCM) Cipher Suites for TLS August 2008 https://www.ietf.org/rfc/rfc5288.txt RFC 7919 Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS) August 2016 https://www.ietf.org/rfc/rfc7919.txt RFC 8446 The Transport Layer Security (TLS) Protocol Version 1.3 August 2018 https://www.ietf.org/rfc/rfc8446.txt SP 800-140B Rev. 1 NIST Special Publication 800-140B - CMVP Security Policy Requirements October 2024 https://csrc.nist.gov/projects/cmvp/sp800-140b © 2025 SUSE, LLC/atsec information security corporation.

Page 148

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module SP 800-38A Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8 00-38a.pdf SP 800-38A Addendum Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode October 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8 00-38a-add.pdf SP 800-38B Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80038b.pdf SP 800-38C Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality July 2007 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8 00-38c.pdf SP 800-38D Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8 00-38d.pdf SP 800-38E Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8 00-38e.pdf SP 800-38F Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80038F.pdf © 2025 SUSE, LLC/atsec information security corporation.

Page 149

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module SP 800-52 Rev. 2 Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations August 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80052r2.pdf SP 800-56A Rev. 3 Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography April 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80056Ar3.pdf SP 800-56C Rev. 2 Recommendation for Key-Derivation Methods in KeyEstablishment Schemes August 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80056Cr2.pdf SP 800-90A Rev. 1 Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80090Ar1.pdf SP 800-90B Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80090B.pdf SP 800-108 Rev. 1 NIST Special Publication 800-108r1 - Recommendation for Key Derivation Using Pseudorandom Functions August 2022 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800108r1-upd1.pdf SP 800-132 Recommendation for Password-Based Key Derivation - Part 1: Storage Applications December 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8 00-132.pdf © 2025 SUSE, LLC/atsec information security corporation.

Page 150

SUSE Linux Enterprise OpenSSL 3 Cryptographic Module SP 800-133 Rev. 2 Recommendation for Cryptographic Key Generation June 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800133r2.pdf SP 800-135 Rev. 1 Recommendation for Existing Application-Specific Key Derivation Functions December 2011 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8 00-135r1.pdf © 2025 SUSE, LLC/atsec information security corporation.

Referenced URLs