| Standard | FIPS 140-3 |
|---|---|
| Overall level | 1 |
| Module type | Software |
| Embodiment | Multi-Chip Stand Alone |
| Status | Active |
| Sunset date | 11/25/2030 |
| Caveat | When operated in approved mode. No assurance of minimum security of SSPs (e.g., keys, bit strings) that are externally loaded, or of SSPs established with externally loaded SSPs. |
| Vendor | SUSE LLC |
| Algorithm | ACVP Cert |
|---|---|
| AES-CBC | A5398 |
| AES-CBC-CS1 | A5398 |
| AES-CBC-CS2 | A5398 |
| AES-CBC-CS3 | A5398 |
| AES-CCM | A5398 |
| AES-CFB1 | A5398 |
| AES-CFB128 | A5398 |
| AES-CFB8 | A5398 |
| AES-CMAC | A5398 |
| AES-CTR | A5398 |
| AES-ECB | A5398 |
| AES-GCM | A5870 |
| AES-GMAC | A5870 |
| AES-KW | A5398 |
| AES-KWP | A5398 |
| AES-OFB | A5398 |
| AES-XTS Testing Revision 2.0 | A5398 |
| Counter DRBG | A5397 |
| ECDSA KeyGen (FIPS186-5) | A5868 |
| ECDSA KeyVer (FIPS186-5) | A5868 |
| ECDSA SigGen (FIPS186-5) | A5868 |
| ECDSA SigVer (FIPS186-5) | A5868 |
| Hash DRBG | A5397 |
| HMAC DRBG | A5397 |
| HMAC-SHA-1 | A5868 |
| HMAC-SHA2- 224 | A5868 |
| HMAC-SHA2- 256 | A5864 |
| HMAC-SHA2- 384 | A5868 |
| HMAC-SHA2- 512 | A5868 |
| HMAC-SHA2- 512/224 | A5868 |
| HMAC-SHA2- 512/256 | A5868 |
| HMAC-SHA3- 224 | A5869 |
| HMAC-SHA3- 256 | A5869 |
| HMAC-SHA3- 384 | A5869 |
| HMAC-SHA3- 512 | A5869 |
| KAS-ECC-SSC Sp800-56Ar3 | A5868 |
| KAS-FFC-SSC Sp800-56Ar3 | A5898 |
| KAS-IFC-SSC | A5868 |
| KDA HKDF SP800-56Cr2 | A5863 |
| KDA OneStep SP800-56Cr2 | A5897 |
| KDA TwoStep SP800-56Cr2 | A5897 |
| KDF ANS 9.42 (CVL) | A5868 |
| KDF ANS 9.63 (CVL) | A5868 |
| KDF SP800- 108 | A5899 |
| KDF SSH (CVL) | A5884 |
| KTS-IFC | A5868 |
| PBKDF | A5868 |
| RSA KeyGen (FIPS186-5) | A5868 |
| RSA SigGen (FIPS186-5) | A5868 |
| RSA SigVer (FIPS186-2) | A5868 |
| RSA SigVer (FIPS186-4) | A5868 |
| RSA SigVer (FIPS186-5) | A5868 |
| SHA-1 | A5868 |
| SHA2-224 | A5868 |
| SHA2-256 | A5864 |
| SHA2-384 | A5868 |
| SHA2-512 | A5868 |
| SHA2-512/224 | A5868 |
| SHA2-512/256 | A5868 |
| SHA3-224 | A5869 |
| SHA3-256 | A5869 |
| SHA3-384 | A5869 |
| SHA3-512 | A5869 |
| SHAKE-128 | A5869 |
| SHAKE-256 | A5869 |
| TLS v1.2 KDF RFC7627 (CVL) | A5868 |
| TLS v1.3 KDF (CVL) | A5863 |
| Requirement area | Level |
|---|---|
| Cryptographic Module Specification | 2 |
| Cryptographic Module Interfaces | 3 |
| Roles, Services, and Authentication | 4 |
| Software/Firmware Security | 5 |
| Operational Environment | 6 |
| Self-Tests | 1 |
| Life-Cycle Assurance | 1 |
| Mitigation of Other Attacks | 1 |
flowchart LR
%% Deterministic review-risk graph for SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
%% Review prompts and evidence gaps, NOT vulnerability findings.
subgraph CMVP["CMVP-disclosed clues"]
C2["[low] Firmware update / recovery<br/>/ rollback (referenced in<br/>text)<br/><i>update<br/>Recovery</i>"]
C3["[high] Unauthenticated /<br/>self-test / status service<br/>surface<br/><i>Symmetric Encryption with AES<br/>Symmetric Decryption with AES<br/>Show status</i>"]
C5["[low] Protocol / secure-channel<br/>references (may be KDF<br/>names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i>"]
C6["[low] Operating system / runtime<br/>referenced (boundary<br/>membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i>"]
end
subgraph Inference["Derived inference"]
I2["Possible only, trusted<br/>code is reachable through<br/>update and recovery paths."]
I3["Some services may process<br/>input before, or without,<br/>operator authentication."]
I5["Possible only, a protocol<br/>is referenced, but whether<br/>it is a live channel or<br/>only a KDF/algorithm name<br/>is unconfirmed."]
I6["Possible only, a<br/>runtime/OS is referenced,<br/>but its membership in the<br/>cryptographic boundary is<br/>not established."]
end
subgraph Risk["Reviewer question"]
R2["Are update images<br/>authenticated before<br/>parsing, and are<br/>downgrade/rollback paths<br/>constrained?"]
R3["Can unauthenticated<br/>services leak state,<br/>consume resources, or<br/>transition security state?"]
R5["If a live TLS/SSH/IKE<br/>channel exists, could<br/>library CVEs apply, or is<br/>this only a<br/>KDF/documentation name?"]
R6["If the OS/runtime is<br/>in-boundary, could its<br/>CVEs be hidden by<br/>firmware-only versioning?"]
end
subgraph Evidence["Evidence needed to close"]
E2["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>update image format ·<br/>signature-before-parse<br/>proof · anti-rollback /<br/>downgrade policy"]
E3["pre-auth reachability<br/>matrix · rate limits and<br/>output redaction ·<br/>abuse-case tests"]
E5["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>library identity and<br/>version ·<br/>certificate-validation<br/>behaviour · protocol-CVE<br/>disposition"]
E6["confirm the disclosure<br/>itself (keyword hit,<br/>context unverified) ·<br/>runtime identity and<br/>config · kernel/runtime<br/>hardening profile ·<br/>patch/backport manifest"]
end
C2 --> I2 --> R2 --> E2
C3 --> I3 --> R3 --> E3
C5 --> I5 --> R5 --> E5
C6 --> I6 --> R6 --> E6
classDef clue fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef infer fill:#fff7e6,stroke:#b98500,color:#6b4e00;
classDef risk fill:#fbe9e9,stroke:#b02a2a,color:#7a1f1f;
classDef evidence fill:#e6f4ea,stroke:#1e7d34,color:#14532d;
class C2,C3,C5,C6 clue;
class I2,I3,I5,I6 infer;
class R2,R3,R5,R6 risk;
class E2,E3,E5,E6 evidence;flowchart LR
%% Deterministic clue tier for SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
%% confidence: high = structured record field; medium = structured but soft; low (dashed) = bare keyword hit, context unverified
subgraph CMVP["CMVP-disclosed clues (deterministic)"]
C2["[low] Firmware update / recovery / rollback (referenced in text)<br/><i>update<br/>Recovery</i><br/>src: text:keyword"]
C3["[high] Unauthenticated / self-test / status service surface<br/><i>Symmetric Encryption with AES<br/>Symmetric Decryption with AES<br/>Show status</i><br/>src: securityPolicy.services"]
C5["[low] Protocol / secure-channel references (may be KDF names, not a live channel)<br/><i>TLS<br/>SSH<br/>HTTPS</i><br/>src: text:keyword"]
C6["[low] Operating system / runtime referenced (boundary membership not asserted)<br/><i>operating system<br/>linux<br/>kernel</i><br/>src: text:keyword"]
end
classDef clueHigh fill:#eef3f9,stroke:#2f6fb0,stroke-width:2px,color:#1f3a5f;
classDef clueMedium fill:#eef3f9,stroke:#6f7f91,color:#1f3a5f;
classDef clueLow fill:#f7f7f7,stroke:#999,stroke-dasharray:4 4,color:#444;
class C2,C5,C6 clueLow;
class C3 clueHigh;SUSE LLC SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Prepared by: atsec information security corporation
Austin, TX 78759 www.atsec.com Document version: 1.2 Last update: 15-12-2025 © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Table of Contents 1.1.1 © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module List of Tables Table 3: Tested Module Identification
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module List of Figures © 2025 SUSE, LLC/atsec information security corporation.
| Name | ISO Section | Requirement | Level |
|---|---|---|---|
| 1 | 1 | General | 1 |
| 2 | 2 | Cryptographic module specification | 1 |
| 3 | 3 | Cryptographic module interfaces | 1 |
| 4 | 4 | Roles, services, and authentication | 1 |
| 5 | 5 | Software/Firmware security | 1 |
| 6 | 6 | Operational environment | 1 |
| 7 | 7 | Physical security | N/A |
| 8 | 8 | Non-invasive security | N/A |
| 9 | 9 | Sensitive security parameter management | 1 |
| 10 | 10 | Self-tests | 1 |
| 11 | 11 | Life-cycle assurance | 1 |
| 12 | 12 | Mitigation of other attacks | 1 |
| Overall Level | Overall Level | 1 |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
This document is the non-proprietary FIPS 140-3 Security Policy for version 1.0 of the SUSE Linux Enterprise OpenSSL 3 Cryptographic Module. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-3 (Federal Information Processing Standards Publication 140-3) for intact and including this notice. Other documentation is proprietary to their authors.
In preparing the Security Policy document, the laboratory formatted the vendor-supplied documentation for consolidation without altering the technical statements therein contained. The further refining of the Security Policy document was conducted iteratively throughout the conformance testing, wherein the Security Policy was submitted to the vendor, who would then edit, modify, and add technical contents. The vendor would also supply additional documentation, which the laboratory formatted into the existing Security Policy, and resubmitted to the vendor for their final editing.
N/A N/A © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Table 1: Security Levels © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
Purpose and Use: The SUSE Linux Enterprise OpenSSL 3 Cryptographic Module (hereafter referred to as “the module”) is defined as a software module in a multi-chip standalone embodiment. It provides a C language application program interface (API) for use by other applications that require cryptographic functionality. The module is a software library supporting FIPS 140-3 approved algorithms developed by SUSE LLC for its use by other applications that require cryptographic functionality and consists of one software component, the “FIPS provider”, which implements the FIPS requirements and the cryptographic functionality provided to the operator. Module Type: Software Module Embodiment: Multi-Chip Standalone Cryptographic Boundary: The cryptographic boundary of the module is defined as the fips.so shared library, which contains the compiled code implementing the FIPS provider. Tested Operational Environment’s Physical Perimeter (TOEPP): The TOEPP of the module is defined as the general-purpose computer on which the module is installed. Figure 1 shows a block diagram that represents the design of the module when the module is operational and providing services to other user space applications. In this diagram, the physical perimeter of the operational environment (a general-purpose computer on which the module is installed) is indicated by a purple dashed line. The cryptographic boundary is represented by the components painted in orange blocks, which consists only of the shared library implementing the FIPS provider (fips.so). The “Data/Control Input” and “Data/Status Output” arrows indicate the flow of data between the cryptographic module and its operator application, through the logical interfaces defined in Section 3 Cryptographic Module Interfaces. Components in white are only included in the diagram for informational purposes. They are not included in the cryptographic boundary (and therefore not part of the module’s validation). For example, the kernel is responsible for managing system calls issued by the module itself, as well as other applications using the module for cryptographic services. © 2025 SUSE, LLC/atsec information security corporation.
| Name | Operating System | Hardware Platform | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Features | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|
| fips.so on SUSE Linux Enterprise Server 15 SP6 and AMD EPYC™ 7343 | 1.0 | N/A | fips.so on SUSE Linux Enterprise Server 15 SP6 and AMD EPYC™ 7343 | HMAC-SHA2-256 | ||||||
| fips.so on SUSE Linux Enterprise Server 15 SP6 and Intel® Xeon® Gold 5416S | 1.0 | N/A | fips.so on SUSE Linux Enterprise Server 15 SP6 and Intel® Xeon® Gold 5416S | HMAC-SHA2-256 | ||||||
| fips.so on SUSE Linux Enterprise Server 15 SP6 and IBM® Telum™ | 1.0 | N/A | fips.so on SUSE Linux Enterprise Server 15 SP6 and IBM® Telum™ | HMAC-SHA2-256 | ||||||
| fips.so on SUSE Linux Enterprise Server 15 SP6 and Ampere® Altra® Q80-30 | 1.0 | N/A | fips.so on SUSE Linux Enterprise Server 15 SP6 and Ampere® Altra® Q80-30 | HMAC-SHA2-256 | ||||||
| SUSE Linux Enterprise Server 15 SP6 | SUSE Linux Enterprise Server 15 SP6 | SuperMicro SuperChassis 825BTQC- R1K23LPB and Motherboard H12DSi-NT6 | 1.0 | AMD EPYC™ 7343 | Yes | N/A | ||||
| SUSE Linux Enterprise Server 15 SP6 | SUSE Linux Enterprise Server 15 SP6 | SuperMicro SuperChassis 825BTQC- R1K23LPB and Motherboard H12DSi-NT6 | 1.0 | AMD EPYC™ 7343 | No | N/A | ||||
| SUSE Linux Enterprise Server 15 SP6 | SUSE Linux Enterprise Server 15 SP6 | GIGABYTE R152- P30 | 1.0 | Ampere® Altra® Q80- 30 | Yes | N/A | ||||
| SUSE Linux Enterprise Server 15 SP6 | SUSE Linux Enterprise Server 15 SP6 | GIGABYTE R152- P30 | 1.0 | Ampere® Altra® Q80- 30 | No | N/A | ||||
| SUSE Linux Enterprise Server 15 SP6 | SUSE Linux Enterprise Server 15 SP6 | IBM z16 A01 | 1.0 | IBM® Telum™ | Yes | N/A | ||||
| SUSE Linux Enterprise | SUSE Linux Enterprise | IBM z16 A01 | 1.0 | IBM® Telum™ | No | N/A |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Figure 1: Block Diagram
Identification Tested Module Identification
| Name | Operating System | Hardware Platform | Firmware Version | Software Version | Processor | Paa Pai | Hypervisor | Features | Package | Integrity Test |
|---|---|---|---|---|---|---|---|---|---|---|
| fips.so on SUSE Linux Enterprise Server 15 SP6 and Ampere® Altra® Q80-30 | 1.0 | N/A | fips.so on SUSE Linux Enterprise Server 15 SP6 and Ampere® Altra® Q80-30 | HMAC-SHA2-256 | ||||||
| SUSE Linux Enterprise Server 15 SP6 | SUSE Linux Enterprise Server 15 SP6 | SuperMicro SuperChassis 825BTQC- R1K23LPB and Motherboard H12DSi-NT6 | 1.0 | AMD EPYC™ 7343 | Yes | N/A | ||||
| SUSE Linux Enterprise Server 15 SP6 | SUSE Linux Enterprise Server 15 SP6 | SuperMicro SuperChassis 825BTQC- R1K23LPB and Motherboard H12DSi-NT6 | 1.0 | AMD EPYC™ 7343 | No | N/A | ||||
| SUSE Linux Enterprise Server 15 SP6 | SUSE Linux Enterprise Server 15 SP6 | GIGABYTE R152- P30 | 1.0 | Ampere® Altra® Q80- 30 | Yes | N/A | ||||
| SUSE Linux Enterprise Server 15 SP6 | SUSE Linux Enterprise Server 15 SP6 | GIGABYTE R152- P30 | 1.0 | Ampere® Altra® Q80- 30 | No | N/A | ||||
| SUSE Linux Enterprise Server 15 SP6 | SUSE Linux Enterprise Server 15 SP6 | IBM z16 A01 | 1.0 | IBM® Telum™ | Yes | N/A | ||||
| SUSE Linux Enterprise | SUSE Linux Enterprise | IBM z16 A01 | 1.0 | IBM® Telum™ | No | N/A | ||||
| SUSE Linux Enterprise Server 15 SP6 | SUSE Linux Enterprise Server 15 SP6 | ASUS RS700-E11- RS4U | 1.0 | Intel® Xeon® Gold 5416S | Yes | N/A | ||||
| SUSE Linux Enterprise Server 15 SP6 | SUSE Linux Enterprise Server 15 SP6 | ASUS RS700-E11- RS4U | 1.0 | Intel® Xeon® Gold 5416S | No | N/A | ||||
| SUSE Linux Enterprise Server for SAP 15SP6 | SUSE Linux Enterprise Server for SAP 15SP6 | ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S | ||||||||
| SUSE Linux Enterprise Desktop 15SP6 | SUSE Linux Enterprise Desktop 15SP6 | ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S | ||||||||
| SUSE Linux Enterprise Base Container Image 15SP6 | SUSE Linux Enterprise Base Container Image 15SP6 | ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S | ||||||||
| SUSE Linux Enterprise Server for SAP 15SP6 | SUSE Linux Enterprise Server for SAP 15SP6 | SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343 | ||||||||
| SUSE Linux Enterprise Desktop 15SP6 | SUSE Linux Enterprise Desktop 15SP6 | SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343 | ||||||||
| SUSE Linux Enterprise Base Container Image 15SP6 | SUSE Linux Enterprise Base Container Image 15SP6 | SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343 | ||||||||
| SUSE Linux Enterprise Server for SAP 15SP6 | SUSE Linux Enterprise Server for SAP 15SP6 | IBM z16 A01 on IBM® Telum™ | ||||||||
| SUSE Linux Enterprise Base Container Image 15SP6 | SUSE Linux Enterprise Base Container Image 15SP6 | IBM z16 A01 on IBM® Telum™ | ||||||||
| SUSE Linux Enterprise Server 15SP6 | SUSE Linux Enterprise Server 15SP6 | IBM LinuxONE III Model LT1 QEMU VM on z15 | ||||||||
| SUSE Linux Enterprise Base Container Image 15SP6 | SUSE Linux Enterprise Base Container Image 15SP6 | IBM LinuxONE III Model LT1 QEMU VM on z15 |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module 1.0 N/A Table 2: Tested Module Identification
| Name | Operating System | Hardware Platform | Software Version | Processor | Paa Pai | Hypervisor |
|---|---|---|---|---|---|---|
| SUSE Linux Enterprise Server 15 SP6 | SUSE Linux Enterprise Server 15 SP6 | ASUS RS700-E11- RS4U | 1.0 | Intel® Xeon® Gold 5416S | Yes | N/A |
| SUSE Linux Enterprise Server 15 SP6 | SUSE Linux Enterprise Server 15 SP6 | ASUS RS700-E11- RS4U | 1.0 | Intel® Xeon® Gold 5416S | No | N/A |
| SUSE Linux Enterprise Server for SAP 15SP6 | SUSE Linux Enterprise Server for SAP 15SP6 | ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S | ||||
| SUSE Linux Enterprise Desktop 15SP6 | SUSE Linux Enterprise Desktop 15SP6 | ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S | ||||
| SUSE Linux Enterprise Base Container Image 15SP6 | SUSE Linux Enterprise Base Container Image 15SP6 | ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S | ||||
| SUSE Linux Enterprise Server for SAP 15SP6 | SUSE Linux Enterprise Server for SAP 15SP6 | SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343 | ||||
| SUSE Linux Enterprise Desktop 15SP6 | SUSE Linux Enterprise Desktop 15SP6 | SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343 | ||||
| SUSE Linux Enterprise Base Container Image 15SP6 | SUSE Linux Enterprise Base Container Image 15SP6 | SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343 | ||||
| SUSE Linux Enterprise Server for SAP 15SP6 | SUSE Linux Enterprise Server for SAP 15SP6 | IBM z16 A01 on IBM® Telum™ | ||||
| SUSE Linux Enterprise Base Container Image 15SP6 | SUSE Linux Enterprise Base Container Image 15SP6 | IBM z16 A01 on IBM® Telum™ | ||||
| SUSE Linux Enterprise Server 15SP6 | SUSE Linux Enterprise Server 15SP6 | IBM LinuxONE III Model LT1 QEMU VM on z15 | ||||
| SUSE Linux Enterprise Base Container Image 15SP6 | SUSE Linux Enterprise Base Container Image 15SP6 | IBM LinuxONE III Model LT1 QEMU VM on z15 | ||||
| SUSE Linux Enterprise Server Real Time 15SP6 | SUSE Linux Enterprise Server Real Time 15SP6 | QEMU VM on AMD EPYC™ 7773X | ||||
| SUSE Linux Enterprise Server for SAP 15SP6 | SUSE Linux Enterprise Server for SAP 15SP6 | QEMU VM on AMD EPYC™ 7773X | ||||
| SUSE Linux Enterprise Base Container Image 15SP6 | SUSE Linux Enterprise Base Container Image 15SP6 | QEMU VM on AMD EPYC™ 7773X | ||||
| SUSE Linux Enterprise Server 15SP6 | SUSE Linux Enterprise Server 15SP6 | QEMU VM on AMD EPYC™ 7773X | ||||
| SUSE Linux Enterprise Desktop 15SP6 | SUSE Linux Enterprise Desktop 15SP6 | QEMU VM on Intel® i7-1195G7 | ||||
| SUSE Linux Enterprise Base Container Image 15SP6 | SUSE Linux Enterprise Base Container Image 15SP6 | GIGABYTE R152-P30 on Ampere® Altra® Q80-30 | ||||
| SUSE Linux Enterprise Server for SAP 15SP6 | SUSE Linux Enterprise Server for SAP 15SP6 | QEMU VM on Ampere® Altra® Q80-30 | ||||
| SUSE Linux Enterprise Base Container Image 15SP6 | SUSE Linux Enterprise Base Container Image 15SP6 | QEMU VM on Ampere® Altra® Q80-30 | ||||
| SUSE Linux Enterprise Server 15SP6 | SUSE Linux Enterprise Server 15SP6 | QEMU VM on Ampere® Altra® Q80-30 | ||||
| SUSE Linux Enterprise Server 15SP6 | SUSE Linux Enterprise Server 15SP6 | QEMU VM on Intel® Xeon® Gold 6338 | ||||
| SUSE Linux Enterprise Server for SAP 15SP6 | SUSE Linux Enterprise Server for SAP 15SP6 | QEMU VM on Intel® Xeon® Gold 5218R | ||||
| SUSE Linux Enterprise Server for SAP 15SP7 | SUSE Linux Enterprise Server for SAP 15SP7 | ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S | ||||
| SUSE Linux Enterprise Server for SAP 15SP7 | SUSE Linux Enterprise Server for SAP 15SP7 | SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343 | ||||
| SUSE Linux Enterprise Desktop 15SP7 | SUSE Linux Enterprise Desktop 15SP7 | ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S | ||||
| SUSE Linux Enterprise Desktop 15SP7 | SUSE Linux Enterprise Desktop 15SP7 | SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343 | ||||
| SUSE Linux Enterprise Base Container Image 15SP7 | SUSE Linux Enterprise Base Container Image 15SP7 | ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S | ||||
| SUSE Linux Enterprise Base Container Image 15SP7 | SUSE Linux Enterprise Base Container Image 15SP7 | SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343 | ||||
| SUSE Linux Enterprise Base Container Image 15SP7 | SUSE Linux Enterprise Base Container Image 15SP7 | GIGABYTE R152-P30 on Ampere® Altra® Q80-30 | ||||
| SUSE Linux Enterprise Base Container Image 15SP7 | SUSE Linux Enterprise Base Container Image 15SP7 | IBM z16 A01 on IBM® Telum™ | ||||
| SUSE Linux Enterprise Base Container Image 15SP7 | SUSE Linux Enterprise Base Container Image 15SP7 | IBM LinuxONE III Model LT1 on z15 | ||||
| SUSE Linux Enterprise Server 15SP7 | SUSE Linux Enterprise Server 15SP7 | IBM LinuxONE III Model LT1 on z15 | ||||
| SUSE Linux Enterprise Server 15SP7 | SUSE Linux Enterprise Server 15SP7 | IBM z16 A01 on IBM® Telum™ | ||||
| SUSE Linux Enterprise Server 15SP7 | SUSE Linux Enterprise Server 15SP7 | ASUS RS700-E11-RS4U on Intel® Xeon® Gold 5416S | ||||
| SUSE Linux Enterprise Server 15SP7 | SUSE Linux Enterprise Server 15SP7 | SuperMicro SuperChassis 825BTQCR1K23LPB and Motherboard H12DSi-NT6 on AMD EPYC™ 7343 | ||||
| SUSE Linux Enterprise Server 15SP7 | SUSE Linux Enterprise Server 15SP7 | GIGABYTE R152-P30 on Ampere® Altra® Q80-30 |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module N/A 1.0 N/A 1.0 Table 3: Tested Operational Environments - Software, Firmware, Hybrid Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid: © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Table 4: Vendor-Affirmed Operational Environments - Software, Firmware, Hybrid The module is considered to maintain compliance with the FIPS 140-3 validation for SUSE products when operating on any general-purpose platform/processor that supports the SUSE Linux Enterprise Server operating system per the vendor affirmation from SUSE based on the allowance FIPS 140-3 management manual [FIPS140-3_MM] section 7.9.1 bullet 1 a i). CMVP makes no statement as to the correct operation of the module or the security strengths of the generated keys when so ported if the specific operational environment is not listed on the validation certificate.
There are no components excluded from the requirements of the FIPS 140-3 standard.
Modes List and Description: © 2025 SUSE, LLC/atsec information security corporation.
| Name | Description | Indicator | Type |
|---|---|---|---|
| Non- approved mode | Automatically entered whenever a non-approved service is requested | Equivalent to the indicator of the requested service | Non- Approved |
| Name | CAVP Cert | Properties | Reference |
|---|---|---|---|
| AES-CBC | A5398 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A5399 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A5400 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A5401 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A5402 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A5403 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC | A5658 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS1 | A5398 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS1 | A5399 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS1 | A5400 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS1 | A5401 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS1 | A5402 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS1 | A5403 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS1 | A5658 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS2 | A5398 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS2 | A5399 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS2 | A5400 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS2 | A5401 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS2 | A5402 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS2 | A5403 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS2 | A5658 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS3 | A5398 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS3 | A5399 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS3 | A5400 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS3 | A5401 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS3 | A5402 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS3 | A5403 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CBC-CS3 | A5658 | Direction - decrypt, encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CCM | A5398 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CCM | A5399 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CCM | A5400 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CCM | A5401 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CCM | A5402 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CCM | A5403 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CCM | A5658 | Key Length - 128, 192, 256 | SP 800-38C |
| AES-CFB1 | A5398 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB1 | A5399 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB1 | A5400 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB1 | A5401 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB1 | A5402 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB1 | A5403 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB1 | A5658 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB128 | A5398 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB128 | A5399 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB128 | A5400 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB128 | A5401 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB128 | A5402 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB128 | A5403 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB128 | A5658 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A5398 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A5399 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A5400 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A5401 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A5402 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A5403 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CFB8 | A5658 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CMAC | A5398 | Capabilities - Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CMAC | A5399 | Capabilities - Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CMAC | A5400 | Capabilities - Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CMAC | A5401 | Capabilities - Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CMAC | A5402 | Capabilities - Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CMAC | A5403 | Capabilities - Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CMAC | A5658 | Capabilities - Direction - Generation, Verification Key Length - 128, 192, 256 | SP 800-38B |
| AES-CTR | A5398 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CTR | A5399 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CTR | A5400 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CTR | A5401 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CTR | A5402 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CTR | A5403 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-CTR | A5658 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A5398 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A5399 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A5400 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A5401 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A5402 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A5403 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A5658 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A5884 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A5893 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A5894 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A5895 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A5896 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-ECB | A5900 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-GCM | A5870 | Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2 | SP 800-38D |
| AES-GCM | A5871 | Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2 | SP 800-38D |
| AES-GCM | A5872 | Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2 | SP 800-38D |
| AES-GCM | A5873 | Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2 | SP 800-38D |
| AES-GCM | A5874 | Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2 | SP 800-38D |
| AES-GCM | A5875 | Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2 | SP 800-38D |
| AES-GCM | A5880 | Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2 | SP 800-38D |
| AES-GCM | A5881 | Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2 | SP 800-38D |
| AES-GCM | A5882 | Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2 | SP 800-38D |
| AES-GCM | A5886 | Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2 | SP 800-38D |
| AES-GCM | A5887 | Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2 | SP 800-38D |
| AES-GCM | A5888 | Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2 | SP 800-38D |
| AES-GCM | A5903 | Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2 | SP 800-38D |
| AES-GCM | A5904 | Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2 | SP 800-38D |
| AES-GCM | A5905 | Direction - Decrypt, Encrypt IV Generation - External, Internal Key Length - 128, 192, 256 IV Generation Mode - 8.2.2 | SP 800-38D |
| AES-GMAC | A5870 | Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A5871 | Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A5872 | Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A5873 | Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A5874 | Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A5875 | Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A5880 | Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A5881 | Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A5882 | Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A5886 | Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A5887 | Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A5888 | Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A5903 | Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A5904 | Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256 | SP 800-38D |
| AES-GMAC | A5905 | Direction - Decrypt, Encrypt IV Generation - External Key Length - 128, 192, 256 | SP 800-38D |
| AES-KW | A5398 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-KW | A5399 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-KW | A5400 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-KW | A5401 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-KW | A5402 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-KW | A5403 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-KW | A5658 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-KWP | A5398 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-KWP | A5399 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-KWP | A5400 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-KWP | A5401 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-KWP | A5402 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-KWP | A5403 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-KWP | A5658 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38F |
| AES-OFB | A5398 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-OFB | A5399 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-OFB | A5400 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-OFB | A5401 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-OFB | A5402 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-OFB | A5403 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-OFB | A5658 | Direction - Decrypt, Encrypt Key Length - 128, 192, 256 | SP 800-38A |
| AES-XTS Testing Revision 2.0 | A5398 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| AES-XTS Testing Revision 2.0 | A5399 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| AES-XTS Testing Revision 2.0 | A5400 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| AES-XTS Testing Revision 2.0 | A5401 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| AES-XTS Testing Revision 2.0 | A5402 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| AES-XTS Testing Revision 2.0 | A5403 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| AES-XTS Testing Revision 2.0 | A5658 | Direction - Decrypt, Encrypt Key Length - 128, 256 | SP 800-38E |
| Counter DRBG | A5397 | Prediction Resistance - No, Yes Capabilities - Mode - AES-128 Derivation Function Enabled - Yes | SP 800-90A Rev. 1 |
| ECDSA KeyGen (FIPS186-5) | A5868 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates | FIPS 186-5 |
| ECDSA KeyGen (FIPS186-5) | A5876 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates | FIPS 186-5 |
| ECDSA KeyGen (FIPS186-5) | A5877 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates | FIPS 186-5 |
| ECDSA KeyGen (FIPS186-5) | A5878 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates | FIPS 186-5 |
| ECDSA KeyGen (FIPS186-5) | A5879 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates | FIPS 186-5 |
| ECDSA KeyGen (FIPS186-5) | A5883 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates | FIPS 186-5 |
| ECDSA KeyGen (FIPS186-5) | A5889 | Curve - P-224, P-256, P-384, P-521 Secret Generation Mode - testing candidates | FIPS 186-5 |
| ECDSA KeyVer (FIPS186-5) | A5868 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5 |
| ECDSA KeyVer (FIPS186-5) | A5876 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5 |
| ECDSA KeyVer (FIPS186-5) | A5877 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5 |
| ECDSA KeyVer (FIPS186-5) | A5878 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5 |
| ECDSA KeyVer (FIPS186-5) | A5879 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5 |
| ECDSA KeyVer (FIPS186-5) | A5883 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5 |
| ECDSA KeyVer (FIPS186-5) | A5889 | Curve - P-224, P-256, P-384, P-521 | FIPS 186-5 |
| ECDSA SigGen (FIPS186-5) | A5868 | Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Component - No, Yes | FIPS 186-5 |
| ECDSA SigGen (FIPS186-5) | A5869 | Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA3-224, SHA3-256, SHA3- 384, SHA3-512 Component - No, Yes | FIPS 186-5 |
| ECDSA SigGen (FIPS186-5) | A5876 | Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Component - No, Yes | FIPS 186-5 |
| ECDSA SigGen (FIPS186-5) | A5877 | Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Component - No, Yes | FIPS 186-5 |
| ECDSA SigGen (FIPS186-5) | A5878 | Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Component - No, Yes | FIPS 186-5 |
| ECDSA SigGen (FIPS186-5) | A5879 | Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Component - No, Yes | FIPS 186-5 |
| ECDSA SigGen (FIPS186-5) | A5883 | Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Component - No, Yes | FIPS 186-5 |
| ECDSA SigGen (FIPS186-5) | A5885 | Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA3-224, SHA3-256, SHA3- 384, SHA3-512 Component - No, Yes | FIPS 186-5 |
| ECDSA SigGen (FIPS186-5) | A5889 | Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Component - No, Yes | FIPS 186-5 |
| ECDSA SigVer (FIPS186-5) | A5868 | Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-5 |
| ECDSA SigVer (FIPS186-5) | A5869 | Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA3-224, SHA3-256, SHA3- 384, SHA3-512 | FIPS 186-5 |
| ECDSA SigVer (FIPS186-5) | A5876 | Capabilities - Curve - P-224, P-256, P-384, P-521 | FIPS 186-5 |
| ECDSA SigVer (FIPS186-5) | A5877 | Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-5 |
| ECDSA SigVer (FIPS186-5) | A5878 | Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-5 |
| ECDSA SigVer (FIPS186-5) | A5879 | Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-5 |
| ECDSA SigVer (FIPS186-5) | A5883 | Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-5 |
| ECDSA SigVer (FIPS186-5) | A5885 | Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA3-224, SHA3-256, SHA3- 384, SHA3-512 | FIPS 186-5 |
| ECDSA SigVer (FIPS186-5) | A5889 | Capabilities - Curve - P-224, P-256, P-384, P-521 Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 | FIPS 186-5 |
| Hash DRBG | A5397 | Prediction Resistance - No, Yes Capabilities - Mode - SHA-1 | SP 800-90A Rev. 1 |
| HMAC DRBG | A5397 | Prediction Resistance - No, Yes Capabilities - Mode - SHA-1 | SP 800-90A Rev. 1 |
| HMAC-SHA-1 | A5868 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA-1 | A5876 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA-1 | A5877 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA-1 | A5878 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA-1 | A5879 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA-1 | A5883 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA-1 | A5889 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 224 | A5868 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 224 | A5876 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 224 | A5877 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 224 | A5878 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 224 | A5879 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 224 | A5883 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 224 | A5889 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A5864 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A5868 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A5876 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A5877 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A5878 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A5879 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A5883 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 256 | A5889 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 384 | A5868 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 384 | A5876 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 384 | A5877 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 384 | A5878 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 384 | A5879 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 384 | A5883 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 384 | A5889 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512 | A5868 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512 | A5876 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512 | A5877 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512 | A5878 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512 | A5879 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512 | A5883 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512 | A5889 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A5868 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A5876 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A5877 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A5878 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A5879 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A5883 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/224 | A5889 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A5868 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A5876 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A5877 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A5878 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A5879 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A5883 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA2- 512/256 | A5889 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 224 | A5869 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 224 | A5885 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 256 | A5869 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 256 | A5885 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 384 | A5869 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 384 | A5885 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 512 | A5869 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| HMAC-SHA3- 512 | A5885 | Key Length - Key Length: 112-524288 Increment 8 | FIPS 198-1 |
| KAS-ECC-SSC Sp800-56Ar3 | A5868 | Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KAS-ECC-SSC Sp800-56Ar3 | A5876 | Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KAS-ECC-SSC Sp800-56Ar3 | A5877 | Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KAS-ECC-SSC Sp800-56Ar3 | A5878 | Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KAS-ECC-SSC Sp800-56Ar3 | A5879 | Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - | SP 800-56A Rev. 3 |
| KAS-ECC-SSC Sp800-56Ar3 | A5883 | Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KAS-ECC-SSC Sp800-56Ar3 | A5889 | Domain Parameter Generation Methods - P-224, P-256, P-384, P-521 Scheme - ephemeralUnified - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KAS-FFC-SSC Sp800-56Ar3 | A5898 | Domain Parameter Generation Methods - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP- 4096, MODP-6144, MODP-8192 Scheme - dhEphem - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KAS-IFC-SSC | A5868 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KAS-IFC-SSC | A5876 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KAS-IFC-SSC | A5877 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KAS-IFC-SSC | A5878 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KAS-IFC-SSC | A5879 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KAS-IFC-SSC | A5883 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KAS-IFC-SSC | A5889 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KAS1 - KAS Role - initiator, responder KAS2 - KAS Role - initiator, responder | SP 800-56A Rev. 3 |
| KDA HKDF SP800-56Cr2 | A5863 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-8192 Increment 8 HMAC Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2- 512/256, SHA3-224, SHA3-256, SHA3-384, SHA3- 512 | SP 800-56C Rev. 2 |
| KDA OneStep SP800-56Cr2 | A5897 | Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-2048 Increment 8 | SP 800-56C Rev. 2 |
| KDA TwoStep SP800-56Cr2 | A5897 | Capabilities - MAC Salting Methods - default, random KDF Mode - feedback Derived Key Length - 2048 Shared Secret Length - Shared Secret Length: 224-2048 Increment 8 | SP 800-56C Rev. 2 |
| KDF ANS 9.42 (CVL) | A5868 | KDF Type - DER Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2- 512/256 Key Data Length - Key Data Length: 112-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.42 (CVL) | A5869 | KDF Type - DER Hash Algorithm - SHA3-224, SHA3-256, SHA3- 384, SHA3-512 Key Data Length - Key Data Length: 112-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.42 (CVL) | A5876 | KDF Type - DER Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2- 512/256 Key Data Length - Key Data Length: 112-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.42 (CVL) | A5877 | KDF Type - DER Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2- 512/256 Key Data Length - Key Data Length: 112-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.42 (CVL) | A5878 | KDF Type - DER Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2- 512/256 Key Data Length - Key Data Length: 112-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.42 (CVL) | A5879 | KDF Type - DER Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2- 512/256 | SP 800-135 Rev. 1 |
| KDF ANS 9.42 (CVL) | A5883 | KDF Type - DER Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2- 512/256 Key Data Length - Key Data Length: 112-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.42 (CVL) | A5885 | KDF Type - DER Hash Algorithm - SHA3-224, SHA3-256, SHA3- 384, SHA3-512 Key Data Length - Key Data Length: 112-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.42 (CVL) | A5889 | KDF Type - DER Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512, SHA2-512/224, SHA2- 512/256 Key Data Length - Key Data Length: 112-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.63 (CVL) | A5868 | Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Key Data Length - Key Data Length: 128-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.63 (CVL) | A5869 | Hash Algorithm - SHA3-224, SHA3-256, SHA3- 384, SHA3-512 Key Data Length - Key Data Length: 128-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.63 (CVL) | A5876 | Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Key Data Length - Key Data Length: 128-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.63 (CVL) | A5877 | Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Key Data Length - Key Data Length: 128-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.63 (CVL) | A5878 | Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Key Data Length - Key Data Length: 128-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.63 (CVL) | A5879 | Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Key Data Length - Key Data Length: 128-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.63 (CVL) | A5883 | Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Key Data Length - Key Data Length: 128-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.63 (CVL) | A5885 | Hash Algorithm - SHA3-224, SHA3-256, SHA3- 384, SHA3-512 Key Data Length - Key Data Length: 128-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF ANS 9.63 (CVL) | A5889 | Hash Algorithm - SHA2-224, SHA2-256, SHA2- 384, SHA2-512, SHA2-512/224, SHA2-512/256 Key Data Length - Key Data Length: 128-4096 Increment 8 | SP 800-135 Rev. 1 |
| KDF SP800- 108 | A5899 | Capabilities - KDF Mode - Counter Supported Lengths - Supported Lengths: 112- 4096 Increment 8 | SP 800-108 Rev. 1 |
| KDF SSH (CVL) | A5884 | Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
| KDF SSH (CVL) | A5893 | Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
| KDF SSH (CVL) | A5894 | Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
| KDF SSH (CVL) | A5895 | Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
| KDF SSH (CVL) | A5896 | Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
| KDF SSH (CVL) | A5900 | Cipher - AES-128, AES-192, AES-256 Hash Algorithm - SHA-1, SHA2-224, SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
| KTS-IFC | A5868 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Transport Method - Key Length - 768 | SP 800-56B Rev. 2 |
| KTS-IFC | A5876 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Transport Method - Key Length - 768 | SP 800-56B Rev. 2 |
| KTS-IFC | A5877 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Transport Method - Key Length - 768 | SP 800-56B Rev. 2 |
| KTS-IFC | A5878 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Transport Method - Key Length - 768 | SP 800-56B Rev. 2 |
| KTS-IFC | A5879 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Transport Method - Key Length - 768 | SP 800-56B Rev. 2 |
| KTS-IFC | A5883 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Transport Method - Key Length - 768 | SP 800-56B Rev. 2 |
| KTS-IFC | A5889 | Modulo - 2048, 3072, 4096, 6144, 8192 Key Generation Methods - rsakpg1-basic, rsakpg1-crt, rsakpg1-prime-factor, rsakpg2-basic, rsakpg2-crt, rsakpg2-prime-factor Scheme - KTS-OAEP-basic - KAS Role - initiator, responder Key Transport Method - Key Length - 768 | SP 800-56B Rev. 2 |
| PBKDF | A5868 | Capabilities - Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132 |
| PBKDF | A5869 | Capabilities - Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132 |
| PBKDF | A5876 | Capabilities - Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132 |
| PBKDF | A5877 | Capabilities - Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132 |
| PBKDF | A5878 | Capabilities - Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132 |
| PBKDF | A5879 | Capabilities - Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132 |
| PBKDF | A5883 | Capabilities - Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132 |
| PBKDF | A5885 | Capabilities - Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132 |
| PBKDF | A5889 | Capabilities - Iteration Count - Iteration Count: 1000-10000 Increment 1 Password Length - Password Length: 8-128 Increment 1 | SP 800-132 |
| RSA KeyGen (FIPS186-5) | A5868 | Capabilities - Key Generation Mode - probableWithProbableAux Properties - Modulo - 2048 Primality Tests - 2powSecStr Private Key Format - standard | FIPS 186-5 |
| RSA KeyGen (FIPS186-5) | A5876 | Capabilities - Key Generation Mode - probableWithProbableAux Properties - Modulo - 2048 Primality Tests - 2powSecStr Private Key Format - standard | FIPS 186-5 |
| RSA KeyGen (FIPS186-5) | A5877 | Capabilities - Key Generation Mode - probableWithProbableAux Properties - Modulo - 2048 Primality Tests - 2powSecStr Private Key Format - standard | FIPS 186-5 |
| RSA KeyGen (FIPS186-5) | A5878 | Capabilities - Key Generation Mode - probableWithProbableAux Properties - Modulo - 2048 | FIPS 186-5 |
| RSA KeyGen (FIPS186-5) | A5879 | Capabilities - Key Generation Mode - probableWithProbableAux Properties - Modulo - 2048 Primality Tests - 2powSecStr Private Key Format - standard | FIPS 186-5 |
| RSA KeyGen (FIPS186-5) | A5883 | Capabilities - Key Generation Mode - probableWithProbableAux Properties - Modulo - 2048 Primality Tests - 2powSecStr Private Key Format - standard | FIPS 186-5 |
| RSA KeyGen (FIPS186-5) | A5889 | Capabilities - Key Generation Mode - probableWithProbableAux Properties - Modulo - 2048 Primality Tests - 2powSecStr Private Key Format - standard | FIPS 186-5 |
| RSA SigGen (FIPS186-5) | A5868 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5 |
| RSA SigGen (FIPS186-5) | A5869 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5 |
| RSA SigGen (FIPS186-5) | A5876 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5 |
| RSA SigGen (FIPS186-5) | A5877 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5 |
| RSA SigGen (FIPS186-5) | A5878 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5 |
| RSA SigGen (FIPS186-5) | A5879 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5 |
| RSA SigGen (FIPS186-5) | A5883 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5 |
| RSA SigGen (FIPS186-5) | A5885 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5 |
| RSA SigGen (FIPS186-5) | A5889 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5 |
| RSA SigVer (FIPS186-2) | A5868 | Capabilities - Signature Type - PKCSPSS Properties - Modulo - 1536 | FIPS 186-4 |
| RSA SigVer (FIPS186-2) | A5876 | Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1536 | FIPS 186-4 |
| RSA SigVer (FIPS186-2) | A5877 | Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1536 | FIPS 186-4 |
| RSA SigVer (FIPS186-2) | A5878 | Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1536 | FIPS 186-4 |
| RSA SigVer (FIPS186-2) | A5879 | Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1536 | FIPS 186-4 |
| RSA SigVer (FIPS186-2) | A5883 | Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1536 | FIPS 186-4 |
| RSA SigVer (FIPS186-2) | A5889 | Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1536 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A5868 | Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1024 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A5876 | Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1024 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A5877 | Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1024 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A5878 | Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1024 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A5879 | Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1024 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A5883 | Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1024 | FIPS 186-4 |
| RSA SigVer (FIPS186-4) | A5889 | Capabilities - Signature Type - PKCS 1.5 Properties - Modulo - 1024 | FIPS 186-4 |
| RSA SigVer (FIPS186-5) | A5868 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5 |
| RSA SigVer (FIPS186-5) | A5869 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5 |
| RSA SigVer (FIPS186-5) | A5876 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5 |
| RSA SigVer (FIPS186-5) | A5877 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5 |
| RSA SigVer (FIPS186-5) | A5878 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5 |
| RSA SigVer (FIPS186-5) | A5879 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5 |
| RSA SigVer (FIPS186-5) | A5883 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5 |
| RSA SigVer (FIPS186-5) | A5885 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5 |
| RSA SigVer (FIPS186-5) | A5889 | Capabilities - Properties - Modulo - 2048 Signature Type - pkcs1v1.5 | FIPS 186-5 |
| Safe Primes Key Generation | A5898 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP- 8192 | SP 800-56A Rev. 3 |
| Safe Primes Key Verification | A5898 | Safe Prime Groups - ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP- 8192 | SP 800-56A Rev. 3 |
| SHA-1 | A5868 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA-1 | A5876 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA-1 | A5877 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA-1 | A5878 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA-1 | A5879 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA-1 | A5883 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA-1 | A5889 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A5868 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A5876 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A5877 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A5878 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A5879 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A5883 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-224 | A5889 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A5864 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A5868 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A5876 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A5877 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A5878 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A5879 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A5883 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-256 | A5889 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A5868 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A5876 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A5877 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A5878 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A5879 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A5883 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-384 | A5889 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A5868 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A5876 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A5877 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A5878 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A5879 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A5883 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512 | A5889 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/224 | A5868 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/224 | A5876 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/224 | A5877 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/224 | A5878 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/224 | A5879 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/224 | A5883 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/224 | A5889 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/256 | A5868 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/256 | A5876 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/256 | A5877 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/256 | A5878 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/256 | A5879 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/256 | A5883 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA2-512/256 | A5889 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 180-4 |
| SHA3-224 | A5869 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-224 | A5885 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-256 | A5869 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-256 | A5885 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-384 | A5869 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-384 | A5885 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-512 | A5869 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHA3-512 | A5885 | Message Length - Message Length: 0-65536 Increment 8 Large Message Sizes - 1, 2, 4, 8 | FIPS 202 |
| SHAKE-128 | A5869 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202 |
| SHAKE-128 | A5885 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202 |
| SHAKE-256 | A5869 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202 |
| SHAKE-256 | A5885 | Output Length - Output Length: 16-65536 Increment 8 | FIPS 202 |
| TLS v1.2 KDF RFC7627 (CVL) | A5868 | Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
| TLS v1.2 KDF RFC7627 (CVL) | A5876 | Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
| TLS v1.2 KDF RFC7627 (CVL) | A5877 | Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
| TLS v1.2 KDF RFC7627 (CVL) | A5878 | Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
| TLS v1.2 KDF RFC7627 (CVL) | A5879 | Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
| TLS v1.2 KDF RFC7627 (CVL) | A5883 | Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
| TLS v1.2 KDF RFC7627 (CVL) | A5889 | Hash Algorithm - SHA2-256, SHA2-384, SHA2-512 | SP 800-135 Rev. 1 |
| TLS v1.3 KDF (CVL) | A5863 | HMAC Algorithm - SHA2-256, SHA2-384 KDF Running Modes - DHE, PSK, PSK-DHE | SP 800-135 Rev. 1 |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Nonapproved NonApproved Table 5: Modes List and Description After passing all pre-operational self-tests and cryptographic algorithm self-tests executed on start-up, the module automatically transitions to the approved mode. No operator intervention is required to reach this point. The module operates in the approved mode of operation by default and can only transition into the non-approved mode by calling one of the non-approved services listed in the Non-Approved Services table of the Security Policy. In the operational state, the module accepts service requests from calling applications through its logical interfaces. At any point in the operational state, a calling application can end its process, causing the module to end its operation. Mode Change Instructions and Status: The module automatically switches between the approved and non-approved modes depending on the services requested by the operator. The status indicator of the mode of
Approved Algorithms: © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2224 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2256 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2384 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 HMAC-SHA2512 © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module HMAC-SHA2512 HMAC-SHA3224 © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module HMAC-SHA3224 HMAC-SHA3256 HMAC-SHA3256 HMAC-SHA3384 HMAC-SHA3384 HMAC-SHA3512 HMAC-SHA3512 © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module KDF SP800108 © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
| Name | Properties | |
|---|---|---|
| Asymmetric Cryptographic Key Generation (CKG) | N/A | SP 800-133 Rev. 2, section 4, example 1 |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Table 6: Approved Algorithms Vendor-Affirmed Algorithms: N/A Table 7: Vendor-Affirmed Algorithms Non-Approved, Allowed Algorithms: N/A for this module. The module does not implement non-approved algorithms that are allowed in the approved mode of operation. Non-Approved, Allowed Algorithms with No Security Claimed: N/A for this module. © 2025 SUSE, LLC/atsec information security corporation.
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| AES GCM (external IV) | Authentication Encryption | |||
| HMAC (< 112-bit keys) | Message Authentication Code | |||
| KBKDF, KDA OneStep, KDA TwoStep, HKDF, ANS X9.42 KDF, ANS X9.63 KDF (< 112-bit keys) | Key Derivation | |||
| KDA OneStep, KDA TwoStep (SHAKE128, SHAKE256) | Key Derivation | |||
| ANS X9.42 KDF (SHAKE128, SHAKE256) | Key Derivation | |||
| ANS X9.63 KDF (SHA-1, SHAKE128, SHAKE256) | Key Derivation | |||
| SSH KDF (SHA-512/224, SHA-512/256, SHA-3, SHAKE128, SHAKE256) | Key Derivation | |||
| TLS 1.2 KDF (SHA-1, SHA-224, SHA-512/224, SHA- 512/256, SHA-3) | TLS Key Derivation | |||
| TLS 1.3 KDF (SHA-1, SHA-224, SHA-512, SHA-512/224, SHA-512/256, SHA-3) | TLS Key Derivation | |||
| PBKDF2 (< 8 characters password; < 128 salt length; < 1000 iterations; < 112-bit keys) | Password-based Key Derivation | |||
| RSA and ECDSA (pre-hashed message) | Signature generation; Signature verification | |||
| RSA-PSS (invalid salt length: FIPS 186-5, section 5.4, item(g)) | Signature generation; Signature verification | |||
| Symmetric Encryption with AES | Symmetric encryption using AES | AES-CBC: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) | BC-UnAuth | AES-ECB: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength |
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| AES GCM (external IV) | Authentication Encryption | |||
| HMAC (< 112-bit keys) | Message Authentication Code | |||
| KBKDF, KDA OneStep, KDA TwoStep, HKDF, ANS X9.42 KDF, ANS X9.63 KDF (< 112-bit keys) | Key Derivation | |||
| KDA OneStep, KDA TwoStep (SHAKE128, SHAKE256) | Key Derivation | |||
| ANS X9.42 KDF (SHAKE128, SHAKE256) | Key Derivation | |||
| ANS X9.63 KDF (SHA-1, SHAKE128, SHAKE256) | Key Derivation | |||
| SSH KDF (SHA-512/224, SHA-512/256, SHA-3, SHAKE128, SHAKE256) | Key Derivation | |||
| TLS 1.2 KDF (SHA-1, SHA-224, SHA-512/224, SHA- 512/256, SHA-3) | TLS Key Derivation | |||
| TLS 1.3 KDF (SHA-1, SHA-224, SHA-512, SHA-512/224, SHA-512/256, SHA-3) | TLS Key Derivation | |||
| PBKDF2 (< 8 characters password; < 128 salt length; < 1000 iterations; < 112-bit keys) | Password-based Key Derivation | |||
| RSA and ECDSA (pre-hashed message) | Signature generation; Signature verification | |||
| RSA-PSS (invalid salt length: FIPS 186-5, section 5.4, item(g)) | Signature generation; Signature verification | |||
| Symmetric Encryption with AES | Symmetric encryption using AES | AES-CBC: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) | BC-UnAuth | AES-ECB: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module The module does not implement non-approved algorithms that are allowed in the approved mode of operation with no security claimed. Non-Approved, Not Allowed Algorithms: Table 8: Non-Approved, Not Allowed Algorithms The table above lists all non-approved cryptographic algorithms of the module employed by the non-approved services of the Non-Approved Services table in Section 4.4 Non-Approved Services. © 2025 SUSE, LLC/atsec information security corporation.
| Name | Description | Approved Functions |
|---|---|---|
| AES-CBC: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CBC-CS1: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CBC-CS2: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CBC-CS3: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CFB1: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CFB128: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CFB8: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CTR: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-OFB: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-XTS Testing Revision 2.0: 256-, 512-bit keys with 128, 256 bits of security strength | AES-CBC: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CBC-CS1: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CBC-CS2: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CBC-CS3: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CFB1: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CFB128: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CFB8: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CTR: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-OFB: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-XTS Testing Revision 2.0: 256-, 512-bit keys with 128, 256 bits of security strength | AES-CBC-CS1: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CBC-CS2: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CBC-CS3: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CFB1: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CFB128: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CFB8: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CTR: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-ECB: (A5398, A5399, A5400, A5401, A5402, A5403, A5658, A5884, A5893, A5894, A5895, A5896, A5900) AES-OFB: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-XTS Testing Revision 2.0: (A5398, A5399, |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| Symmetric Decryption with AES | Symmetric decryption using AES | AES-CBC: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CBC-CS1: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CBC-CS2: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CBC-CS3: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CFB1: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CFB128: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CFB8: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-CTR: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-ECB: (A5398, A5399, A5400, A5401, A5402, A5403, A5658, A5884, A5893, A5894, A5895, A5896, A5900) | BC-UnAuth | AES-ECB: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CBC: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CBC-CS1: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CBC-CS2: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CBC-CS3: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CFB1: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CFB128: 128-, 192-, 256- bit keys with 128, 192, 256 bits of security strength AES-CFB8: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-CTR: 128-, 192-, 256-bit keys with 128, 192, 256 bits of security strength AES-OFB: 128-, 192-, 256-bit keys with 128, |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
| Name | Description | Csps Accessed | Approved Functions | Type |
|---|---|---|---|---|
| Key Derivation with KDA OneStep | Key Derivation using KDA OneStep | MACs: (HMAC) SHA-1, SHA-224, SHA-256, SHA- 384, SHA-512, SHA-512/224, SHA-512/256, SHA3-224, SHA3- 256, SHA3-384, SHA3-512 Shared secret length: 224-8192 bits Security strength: 112- 256 bits | KDA OneStep SP800-56Cr2: (A5897) | KAS-56CKDF |
| Key Derivation with KDA TwoStep | Key Derivation using KDA TwoStep | Modes: feedback MACs: (HMAC) SHA-1, SHA-224, SHA-256, SHA- 384, SHA-512, SHA-512/224, SHA-512/256, SHA3-224, SHA3- 256, SHA3-384, SHA3-512 Shared secret length: 224-8192 bits Security strength: 112- 256 bits | KDA TwoStep SP800-56Cr2: (A5897) | KAS-56CKDF |
| Key Derivation with X9.42 KDF | Key Derivation using X9.42 KDF | Hashes: SHA-1, SHA2-224, SHA2- 256, SHA2-384, SHA2-512, SHA2- 512/224, SHA2- | KDF ANS 9.42: (A5868, A5869, A5876, A5877, A5878, A5879, | KAS-135KDF |
| 512/256 Shared secret length: 224-8192 bits Security strength: 112- 256 bits | 512/256 Shared secret length: 224-8192 bits Security strength: 112- 256 bits | A5883, A5885, A5889) | ||
| Key Derivation with X9.63 KDF | Key Derivation using X9.63 KDF | Hashes: SHA2- 224, SHA2-256, SHA2-384, SHA2- 512, SHA2- 512/224, SHA2- 512/256 Shared secret length: 224-8192 bits Security strength: 112- 256 bits | KDF ANS 9.63: (A5868, A5869, A5876, A5877, A5878, A5879, A5883, A5885, A5889) | KAS-135KDF |
| Key Derivation with SSH KDF | Key Derivation | Ciphers: AES- 128, AES-192, AES-256 Hashes: SHA-1, SHA2-224, SHA2- 256, SHA2-384, SHA2-512 Shared secret length: 224-8192 bits Security strength: 112- 256 bits | KDF SSH: (A5884, A5893, A5894, A5895, A5896, A5900) | KAS-135KDF |
| Key Derivation with HKDF | Key Derivation using HKDF | MACs: HMAC with SHA-1, SHA2- 224, SHA2-256, SHA2-384, SHA2- 512, SHA2- 512/224, SHA2- 512/256, SHA3- 224, SHA3-256, SHA3-384, SHA3- 512 Shared secret length: 224-8192 bits Security strength: 112- 256 bits | KDA HKDF SP800-56Cr2: (A5863) | KAS-56CKDF |
| TLS Key Derivation | TLS 1.2 / 1.3 Key Derivation | TLS v1.2 KDF RFC7627: Hashes: SHA2- 256, SHA2-384, SHA2-512; Support: extended master secret TLS v1.3 KDF: Modes: DHE, PSK, PSK-DHE; Hashes: SHA2- 256, SHA2-384 Shared secret length: 224-8192 bits Security strength: 112- 256 bits | TLS v1.3 KDF: (A5863) TLS v1.2 KDF RFC7627: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) | KAS-135KDF |
| Key Derivation with KBKDF | Key derivation using KBKDF | Modes: Counter, Feedback MACs: CMAC with AES-128, AES- 192, AES-256 and HMAC with SHA-1, SHA2- 224, SHA2-256, SHA2-384, SHA2- 512, SHA2- 512/224, SHA2- 512/256, SHA3- 224, SHA3-256, SHA3-384, SHA3- 512 KDK length: 112- 4096 bits Security strength: 112- 256 bits | KDF SP800-108: (A5899) | KBKDF |
| Password- based Key Derivation | Password- based Key Derivation | Option: 1a Password length: 20-128 characters Salt length: 128- 4096 bits Iteration count: 1000-10000 Hashes: SHA-1, SHA2-224, SHA2- | PBKDF: (A5868, A5869, A5876, A5877, A5878, A5879, A5883, A5885, A5889) | PBKDF |
| Random Number Generation | Random Number Generation | Counter DRBG: AES-128, AES- 192, AES-256, with/without derivation function, with/without prediction resistance; Internal state length: 256, 320, 384 bits; Security strength: 128, 192, 256 bits HMAC DRBG: SHA-1, SHA-256, SHA-512 with/without prediction resistance; Internal state length: 320, 512, 1024 bits; Security strength: 128, 256 bits Hash DRBG: SHA- 1, SHA-256, SHA- 512 with/without prediction resistance; Internal state length: 880, 1776 bits; Security strength: 128, 256 bits | Counter DRBG: (A5397) HMAC DRBG: (A5397) Hash DRBG: (A5397) | DRBG |
| Signature Generation | Signature Generation | ECDSA SigGen (FIPS 186-5): Curves: P-224, P- 256, P-384, P- 521; Hashes: SHA-224, SHA- 256, SHA-384, SHA-512, SHA- 512/224, SHA- 512/256, SHA3- 224, SHA3- 256, SHA3-384, SHA3- 512; Security strength: 112, 128, 192, 256 bits RSA SigGen (FIPS 186-5): Padding: PKCS#1 v1.5 and PSS; Moduli: 2048-16384 bits; Hashes: SHA- 224, SHA-256, SHA-384, SHA- 512, SHA- 512/224, SHA- 512/256, SHA3- 224, SHA3- 256, SHA3-384, SHA3- 512; Security strength: 112- 256 bits IG C.F Compliance: The module supports RSA modulus sizes which are not tested by CAVP in compliance with FIPS 140-3 IG C.F | ECDSA SigGen (FIPS186-5): (A5868, A5869, A5876, A5877, A5878, A5879, A5883, A5885, A5889) RSA SigGen (FIPS186-5): (A5868, A5869, A5876, A5877, A5878, A5879, A5883, A5885, A5889) | DigSig-SigGen |
| Signature Verification | Signature Verification | ECDSA SigVer (FIPS 186-5): Curves: P-224, P- 256, P-384, P- 521; Hashes: SHA-224, SHA- 256, SHA-384, SHA-512, SHA- 512/224, SHA- | ECDSA SigVer (FIPS186-5): (A5868, A5869, A5876, A5877, A5878, A5879, A5883, A5885, A5889) RSA SigVer (FIPS186-2): | DigSig-SigVer |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Passwordbased Key Passwordbased Key © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
| Name | Description | Approved Functions |
|---|---|---|
| 512/256, SHA3- 224, SHA3- 256, SHA3-384, SHA3- 512; Security strength: 112, 128, 192, 256 bits RSA SigVer (FIPS 186-5): NIST SP 800-131A Rev. 2 Acceptable; Padding: PKCS#1 v1.5 and PSS; Moduli: 2048- 16384 bits; Hashes: SHA- 224, SHA-256, SHA-384, SHA- 512, SHA- 512/224, SHA- 512/256, SHA3- 224, SHA3- 256, SHA3-384, SHA3- 512; Security strength: 112- 256 bits RSA SigVer (FIPS 186-2) and RSA SigVer (FIPS 186- 4): NIST SP 800- 131A Rev. 2 Legacy use; Padding: PKCS#1 v1.5 and PSS; Moduli: 1024- 2047 bits; Hashes: SHA- 224, SHA-256, SHA-384, SHA- 512; Security strength: 80-111 bits IG C.F Compliance: The module supports RSA modulus sizes which are not tested by CAVP in compliance with FIPS 140-3 IG C.F | 512/256, SHA3- 224, SHA3- 256, SHA3-384, SHA3- 512; Security strength: 112, 128, 192, 256 bits RSA SigVer (FIPS 186-5): NIST SP 800-131A Rev. 2 Acceptable; Padding: PKCS#1 v1.5 and PSS; Moduli: 2048- 16384 bits; Hashes: SHA- 224, SHA-256, SHA-384, SHA- 512, SHA- 512/224, SHA- 512/256, SHA3- 224, SHA3- 256, SHA3-384, SHA3- 512; Security strength: 112- 256 bits RSA SigVer (FIPS 186-2) and RSA SigVer (FIPS 186- 4): NIST SP 800- 131A Rev. 2 Legacy use; Padding: PKCS#1 v1.5 and PSS; Moduli: 1024- 2047 bits; Hashes: SHA- 224, SHA-256, SHA-384, SHA- 512; Security strength: 80-111 bits IG C.F Compliance: The module supports RSA modulus sizes which are not tested by CAVP in compliance with FIPS 140-3 IG C.F | (A5868, A5876, A5877, A5878, A5879, A5883, A5889) RSA SigVer (FIPS186-4): (A5868, A5876, A5877, A5878, A5879, A5883, A5889) RSA SigVer (FIPS186-5): (A5868, A5869, A5876, A5877, A5878, A5879, A5883, A5885, A5889) |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
| Name | Description | Approved Functions | Type | Properties |
|---|---|---|---|---|
| Message Authentication Code | Message Authentication Code | HMAC-SHA-1: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) HMAC-SHA2- 224: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) HMAC-SHA2- 256: (A5864, A5868, A5876, A5877, A5878, A5879, A5883, A5889) HMAC-SHA2- 384: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) HMAC-SHA2- 512: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) HMAC-SHA2- 512/224: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) HMAC-SHA2- 512/256: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) HMAC-SHA3- 224: (A5869, A5885) HMAC-SHA3- 256: (A5869, A5885) HMAC-SHA3- 384: (A5869, A5885) HMAC-SHA3- 512: (A5869, A5885) AES-CMAC: | MAC | HMAC: Hashes: SHA-1, SHA-224, SHA-256, SHA- 384, SHA-512, SHA-512/224, SHA-512/256, SHA3-224, SHA3- 256, SHA3-384, SHA3-512; Key length: 112- 524288 bits; Security strength: 112- 256 bits AES CMAC and GMAC: Key length: 128, 192, 256 bits; Security strength: 128, 192, 256 bits |
| Message digest | Message digest | SHA-1: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) SHA2-224: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) SHA2-256: (A5864, A5868, A5876, A5877, A5878, A5879, A5883, A5889) SHA2-384: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) SHA2-512: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) SHA2-512/224: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) SHA2-512/256: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) SHA3-224: (A5869, A5885) SHA3-256: (A5869, A5885) | SHA XOF | Hashes: SHA-1, SHA-224, SHA- 256, SHA-384, SHA-512, SHA- 512/224, SHA- 512/256, SHA3- 224, SHA3-256, SHA3-384, SHA3- 512 XOFs: SHAKE- 128, SHAKE-256 |
| Authenticated Symmetric Encryption | Authenticated Symmetric Encryption | AES-CCM: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-GCM: (A5870, A5871, A5872, A5873, A5874, A5875, A5880, A5881, A5882, A5886, A5887, A5888, A5903, A5904, A5905) AES-KW: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-KWP: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) | BC-Auth | Key Length: 128, 192, 256 bits Security strength: 128, 192, 256 bits |
| Authenticated Symmetric Decryption | Authenticated Symmetric Decryption | AES-GCM: (A5870, A5871, A5872, A5873, A5874, A5875, A5880, A5881, A5882, A5886, A5887, A5888, A5903, A5904, A5905) AES-CCM: (A5398, A5399, A5400, A5401, A5402, A5403, A5658) AES-KW: (A5398, A5399, A5400, A5401, | BC-Auth | Key Length: 128, 192, 256 bits Security strength: 128, 192, 256 bits |
| Key Pair Generation with ECDSA | Key Pair Generation using ECDSA | ECDSA KeyGen (FIPS186-5): (A5868, A5876, A5877, A5878, A5879, A5883, A5889) Asymmetric Cryptographic Key Generation (CKG): () | AsymKeyPair- KeyGen CKG | Mode: FIPS 186-5 A.2.2: Rejection Sampling Curves: P-224, P- 256, P-384, P- 521 Security strength: 112, 128, 192, 256 bits |
| Key Pair Generation with RSA | Key Pair Generation using RSA | RSA KeyGen (FIPS186-5): (A5868, A5876, A5877, A5878, A5879, A5883, A5889) Asymmetric Cryptographic Key Generation (CKG): () | AsymKeyPair- KeyGen CKG | Mode: FIPS 186- 5, A.1.6: Probable Primes Based on Auxiliary Probable Moduli: 2048- 15360 bits Security strength: 112- 256 bits IG C.F Compliance: The module supports RSA modulus sizes which are not tested by CAVP in compliance with FIPS 140-3 IG C.F |
| Key Pair Generation with Safe Primes | Key Pair Generation using Safe Primes | Safe Primes Key Generation: (A5898) Asymmetric Cryptographic Key Generation (CKG): () | AsymKeyPair- KeyGen CKG | Mode: Testing Candidates (SP 800-56Arev3 Appendix 5.6.1.1.4) Groups: ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, |
| Key Pair Verification with ECDSA | Key Pair Verification using ECDSA | ECDSA KeyVer (FIPS186-5): (A5868, A5876, A5877, A5878, A5879, A5883, A5889) | AsymKeyPair- KeyVer | Mode: FIPS 186-5 A.2.2: Rejection Sampling Curves: P-224, P- 256, P-384, P- 521 Security strength: 112, 128, 192, 256 bits |
| Key Pair Verification with Safe Primes | Key Pair Verification using Safe Primes | Safe Primes Key Verification: (A5898) | AsymKeyPair- KeyVer | Mode: Testing Candidates (SP 800-56Arev3 Appendix 5.6.1.1.4) Groups: ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192, MODP-2048, MODP-3072, MODP-4096, MODP-6144, MODP-8192 Security strength: 112- 200 bits |
| Shared Secret Computation with DH | Shared Secret Computation using DH | KAS-FFC-SSC Sp800-56Ar3: (A5898) | KAS-SSC | Compliance: SP 800-56A Rev. 3, FIPS 140-3 IG D.F. Scenario 2 (1) Scheme: dpEphem KAS Role: initiator, responder Groups: |
| Shared Secret Computation with ECDH | Shared Secret Computation using EC Diffie- Hellman | KAS-ECC-SSC Sp800-56Ar3: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) | KAS-SSC | Compliance: SP 800-56A Rev. 3, FIPS 140-3 IG D.F. Scenario 2 (1) Scheme: ephemeralUnified KAS Role: initiator, responder Curves: P-224, P- 256, P-384, P- 521 Security strength: 112, 128, 192, 256 bits |
| Shared Secret Computation with RSA | Shared Secret Computation using RSA | KAS-IFC-SSC: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) | KAS-SSC | |
| Asymmetric Encryption with RSA | Asymmetric encryption using RSA | KTS-IFC: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) | KTS-Encap | |
| Asymmetric Decryption with RSA | Asymmetric decryption using RSA | KTS-IFC: (A5868, A5876, A5877, A5878, A5879, A5883, A5889) | KTS-Decap |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module AsymKeyPairKeyGen AsymKeyPairKeyGen AsymKeyPairKeyGen 5.6.1.1.4) © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module AsymKeyPairKeyVer AsymKeyPairKeyVer 5.6.1.1.4) (1) © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module (1) Table 9: Security Function Implementations © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
For TLS 1.2, the module offers the AES GCM implementation and uses the context of Scenario 1 of FIPS 140-3 IG C.H. The module is compliant with SP 800-52 Rev. 2 Section
The module does not implement the TLS protocol. The module’s implementation of AES GCM is used together with an application that runs outside the module’s cryptographic boundary. The design of the TLS protocol implicitly ensures that the counter (the nonce_explicit part of the IV) does not exhaust the maximum number of possible values for a given session key. In the event the module’s power is lost and restored, the consuming application must ensure that a new key for use with the AES GCM key encryption or decryption under this scenario shall be established. Alternatively, the Crypto Officer can use the module’s API to perform AES GCM encryption using internal IV generation. These IVs are always 96 bits and generated using the approved DRBG internal to the module’s boundary, compliant to Scenario 2 of FIPS 140-3 IG C.H. The module also provides a non-approved AES GCM encryption service which accepts arbitrary external IVs from the operator. This service can be requested by invoking the EVP_EncryptInit_ex2 API function with a non-NULL IV value. When this is the case, the API will set a non-approved service indicator. Finally, for TLS 1.3, the AES GCM implementation uses the context of Scenario 5 of FIPS 1403 IG C.H. The protocol that provides this compliance is TLS 1.3, defined in RFC8446 of August 2018, using the cipher-suites that explicitly select AES GCM as the encryption/decryption cipher (Appendix B.4 of RFC8446). The module supports acceptable AES GCM cipher suites from Section 3.3.1 of SP 800-52 Rev. 2. The module’s implementation of AES GCM is used together with an application that runs outside the module’s cryptographic boundary. The design of the TLS protocol implicitly ensures that the counter (the nonce_explicit part of the IV) does not exhaust the maximum number of possible values for a given session key.
The length of a single data unit encrypted or decrypted with AES XTS shall not exceed 2²⁰ AES blocks, that is 16MB, of data per XTS instance. An XTS instance is defined in Section 4 of SP 800-38E. To meet the requirement stated in IG C.I, the module implements a check that ensures, before performing any cryptographic operation, that the two AES keys used in AES XTS mode are not identical. As the module does not generate symmetric keys, the check is performed when keys are input the service APIs. Key_1 and Key_2 shall be generated and/or established independently according to the rules for component symmetric keys from NIST SP 800-133rev2, Sec. 6.3. The XTS mode shall only be used for the cryptographic protection of data on storage devices. It shall not be used for other purposes, such as the encryption of data in transit.
The module provides password-based key derivation (PBKDF2), compliant with SP 800-132. The module supports option 1a from Section 5.4 of SP 800-132, in which the Master Key (MK) or a segment of it is used directly as the Data Protection Key (DPK). In accordance to SP 800-132 and FIPS 140-3 IG D.N, the following requirements are met: © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
To comply with the assurances found in Section 5.6.2 of SP 800-56A Rev. 3, the operator must use the module together with an application that implements the TLS protocol. Additionally, the module’s approved key pair generation service (see Approved Services table in Section 4.3 Approved Services) must be used to generate ephemeral Diffie-Hellman or EC Diffie-Hellman key pairs, or the key pairs must be obtained from another FIPSvalidated module. As part of this service, the module will internally perform the full public key validation of the generated public key. The module’s shared secret computation service will internally perform the full public key validation of the peer public key, complying with Sections 5.6.2.2.1 and 5.6.2.2.2 of SP 80056A Rev. 3.
The module implements the SHA-3 algorithms as both standalone and part of higher-level algorithms (in compliance with FIPS 140-3 IG C.C). As detailed in Section 2.6 Security Function Implementations with corresponding certificates, the cryptographic algorithms that use of SHA-3 include RSA signature generation and verification, ECDSA signature generation and verification, KBKDF, KDA HKDF, X9.63 KDF, X9.42 KDF, PBKDF, OneStep KDA, and HMAC. In addition, the implementation of the extendable output functions SHAKE128 and SHAKE256 were verified to have a standalone usage.
The module supports RSA Signature Verification for 1024, 1280, 1536 and 1792-bit keys. This is allowed by FIPS 140-3 IG C.F. Specifically, 1280 and 1792 cannot be CAVP tested but are approved for signature verification in IG C.F. The 1024-bit modulus has been CAVP tested for RSA signature verification in compliance with FIPS 186-4, while the 1536-bit modulus has been CAVP tested for RSA signature verification in compliance with FIPS 186-2. For all other approved moduli (namely 2048, 3072, and 4096 bit keys) supported by the module, RSA signature verification is approved and CAVP tested in compliance with FIPS 186-5. © 2025 SUSE, LLC/atsec information security corporation.
| Cert | Vendor | ||
|---|---|---|---|
| Number | Name | ||
| E177 | SUSE LLC |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
To comply with the assurances found in Section 6.4 of SP 800-56B Rev. 2, the module’s approved RSA key pair generation service (see Table 9) must be used to generate the RSA key pairs, or the key pairs must be obtained from another FIPS-validated module. As part of this service, the module will internally perform the key pair validity and the pairwise consistency according to Section 6.4.1.1 of SP 800-56B Rev. 2. Additionally, the entity requesting the shared secret computation service shall verify the validity of the peer’s public key using the public key validation service of the module (EVP_PKEY_check() API). This service will perform the full public key validation of the peer’s public key, complying with Section 6.4.2.1 of SP 800-56B Rev. 2.
To comply with the assurances found in Section 6.4 of SP 800-56Br2, the operator must use the module in the context of the TLS or SSH protocols. Additionally, the module’s approved key pair generation service (see Section 4.3) must be used to generate RSA key pairs, or the key pairs must be obtained from another FIPS-validated module. As part of this service, the module will internally perform the key pair validation of the generated public key. The operator must use the EVP_PKEY_public_check() API to perform partial public key validation of the peer public key, complying with Section 6.4.2.2 of SP 800-56Br2. The operator must also confirm the peer’s possession of private key by using any method specified in Section 6.4.2.3 of SP 800-56Br2.
The module does not establish SSPs using an approved key transport scheme (KTS). However, it does offer approved authenticated algorithms that can be used by an external operator/application as part of an approved KTS. The module does not establish SSPs using an approved key agreement scheme (KAS). However, it does offer some or all of the underlying KAS cryptographic functionality to be used by an external operator/application as part of an approved KAS.
SHA-1 is only approved when used in approved modes for message digest, HMAC, HKDF, KDA OneStep/TwoStep, PBKDF, SSH KDF, ANS x9.42 KDF, KBKDF, Hash DRBG, HMAC DRBG, RSA OAEP. The use of SHA-1 for digital signature generation (e.g., ECDSA, RSA, EdDSA) or verification is non-approved.
Table 10: Entropy Certificates © 2025 SUSE, LLC/atsec information security corporation.
| Name | Type | Strength | Operational Environment | Conditioning Component | |
|---|---|---|---|---|---|
| SUSE OpenSSL CPU Time Jitter RNG Entropy Source | Non- Physical | 256 bits | SUSE Linux Enterprise Server 15 SP6 on AMD EPYC™ 7343; SUSE Linux Enterprise Server 15 SP6 on Ampere® Altra® Q80- 30; SUSE Linux Enterprise Server 15 SP6 on Intel® Xeon® Gold 5416S; SUSE Linux Enterprise Server 15 SP6 on IBM® Telum™ | full entropy | AES-256-CTR- DRBG (A5397); SHA3-256 (A5411) |
NonPhysical Table 11: Entropy Sources As per the Public document of entropy certificate E177, the entropy source provides full In addition to the DRBG algorithms provided to the operator, the module internally uses two dedicated DRBG instances based on SP 800-90A Rev. 1 to generate seeds for asymmetric key pairs and random numbers for security functions. The following parameters are used:
The module implements asymmetric key pair generation compliant with SP 800-133 Rev. 2 as listed in the Security Function Implementations table in 2.6 Security Function Implementations. When random values are required, they are obtained from the SP 800-90A Rev. 1 approved DRBG, compliant with Section 4 of SP 800-133 Rev. 2 (without XOR). Intermediate key generation values are not output from the module and are explicitly zeroized after processing the service.
The module provides Diffie-Hellman (DH) and Elliptic Curve Diffie-Hellman (ECDH) shared secret computation compliant with SP 800-56A Rev. 3, in accordance with scenario 2 (1) of FIPS 140-3 IG D.F. For Diffie-Hellman, the module supports the use of the safe primes defined in RFC 3526 (IKE) and RFC 7919 (TLS). Note that the module only implements key pair generation, key pair verification, and shared secret computation. No other part of the IKE or TLS protocols is implemented (with the exception of the TLS 1.2 and 1.3 KDFs): © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module • IKE (RFC 3526): o o o o • MODP-2048 (ID =
The module implements the SSH key derivation function for use in the SSH protocol (RFC
GCM with internal IV generation in the approved mode is compliant with versions 1.2 and 1.3 of the TLS protocol (RFC 5288 and 8446) and shall only be used in conjunction with the TLS protocol. Additionally, the module implements the TLS 1.2 and TLS 1.3 key derivation functions for use in the TLS protocol. No parts of the SSH, TLS, or IKE protocols, other than those mentioned above, have been tested by the CAVP and CMVP. © 2025 SUSE, LLC/atsec information security corporation.
| Name | Physical Port | Logical Interface | Data That Passes |
|---|---|---|---|
| N/A | N/A | Data Input | API input parameters |
| N/A | N/A | Data Output | API output parameters |
| N/A | N/A | Control Input | API function calls |
| N/A | N/A | Status Output | API return codes, error queue |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
N/A N/A N/A N/A Table 12: Ports and Interfaces The logical interfaces are the APIs through which the applications request services. These logical interfaces are logically separated from each other by the API design. The module does not implement a control output interface. © 2025 SUSE, LLC/atsec information security corporation.
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | None | ||||||
| Symmet ric Encrypti on | Used to perform symme tric encrypt ion of an entry plaintex t | Crypto Officer - AES key: W,E | Symmet ric Encrypti on with AES | EVP_EncryptFinal_ex returns 1 | Plainte xt, AES key, IV | Ciphert ext | |||
| Symmet ric Decrypti on | Used to perform symme tric decrypt ion of an entry ciphert ext | Crypto Officer - AES key: W,E | Symmet ric Decrypti on with AES | EVP_DecryptFinal_ex returns 1 | Ciphert ext, AES key, IV | Plainte xt |
| Name | Description | Role Access | Csps Accessed | Approved Functions | Indicator | Type | Input | Output | |
|---|---|---|---|---|---|---|---|---|---|
| Crypto Officer | CO | Role | None | ||||||
| Symmet ric Encrypti on | Used to perform symme tric encrypt ion of an entry plaintex t | Crypto Officer - AES key: W,E | Symmet ric Encrypti on with AES | EVP_EncryptFinal_ex returns 1 | Plainte xt, AES key, IV | Ciphert ext | |||
| Symmet ric Decrypti on | Used to perform symme tric decrypt ion of an entry ciphert ext | Crypto Officer - AES key: W,E | Symmet ric Decrypti on with AES | EVP_DecryptFinal_ex returns 1 | Ciphert ext, AES key, IV | Plainte xt | |||
| Authent icated Encrypti on | Used to perform authent icated symme tric encrypt ion with AES | Crypto Officer - AES key: W,E | Authent icated Symmet ric Encrypti on | AES-GCM: EVP_CIPHER_SUSE_FIPS_INDI CATOR_APPROVED; Others: EVP_EncryptFinal_ex returns 1 | Plainte xt, AES key, IV | Ciphert ext, MAC tag | |||
| Authent icated Decrypti on | Used to perform authent icated symme tric decrypt ion with AES | Crypto Officer - AES key: W,E | Authent icated Symmet ric Decrypti on | AES-GCM: EVP_CIPHER_SUSE_FIPS_INDI CATOR_APPROVED; Others: EVP_DecryptFinal_ex returns 1 | Ciphert ext, AES key, IV, MAC tag | Plainte xt or failure | |||
| Messag e Authent ication Code | Comput e a MAC tag | Crypto Officer - HMAC key: W,E - AES key: W,E | Messag e Authent ication Code | HMAC: EVP_MAC_SUSE_FIPS_INDICAT OR_APPROVED; Others: EVP_MAC_final returns 1 | Messag e, AES key or HMAC key | MAC tag | |||
| Messag e Digest | Used to generat e a SHA-1, SHA-2, or SHA- 3/SHAK E messag e digest | Crypto Officer | Messag e digest | EVP_DigestFinal_ex returns 1 | Messag e | Messag e digest | |||
| Key Derivati on with KBKDF | Derive a key from a key- derivati on key | Crypto Officer - Key Derivat ion Key: W,E - | Key Derivati on with KBKDF | EVP_KDF_SUSE_FIPS_INDICAT OR_APPROVED | Key- derivati on key | KBKDF Derive d Key | |||
| Key Derivati on with HKDF | Derive a key from a shared secret using HKDF | Crypto Officer - Shared Secret: W,E - HKDF Derive d Key: G,R | Key Derivati on with HKDF | EVP_KDF_SUSE_FIPS_INDICAT OR_APPROVED | Shared secret | HKDF Derive d Key | |||
| Key Derivati on with SSH KDF | Derive a key from a shared secret using SSH KDF | Crypto Officer - Shared Secret: W,E - SSH Derive d Key: G,R | Key Derivati on with SSH KDF | EVP_KDF_SUSE_FIPS_INDICAT OR_APPROVED | Shared secret | SSH Derive d Key | |||
| Key Derivati on with X9.63 KDF | Derive a key from a shared secret using X9.63 KDF | Crypto Officer - Shared Secret: W,E - X9.63 Derive d Key: G,R | Key Derivati on with X9.63 KDF | EVP_KDF_SUSE_FIPS_INDICAT OR_APPROVED | Shared secret | X9.63 Derive d Key | |||
| Key Derivati on with X9.42 KDF | Derive a key from a shared secret using X9.63 KDF | Crypto Officer - Shared Secret: W,E - X9.42 Derive d Key: G,R | Key Derivati on with X9.42 KDF | EVP_KDF_SUSE_FIPS_INDICAT OR_APPROVED | Shared secret | X9.42 Derive d Key | |||
| Key Derivati on with KDA OneSte p | Derive a key from a shared secret using KDA OneSte p | Crypto Officer - Shared Secret: W,E - KDA OneSte p Derive d Key: G,R | Key Derivati on with KDA OneSte p | EVP_KDF_SUSE_FIPS_INDICAT OR_APPROVED | Shared secret | KDA OneSte p Derive d Key | |||
| Key Derivati on with KDA TwoSte p | Derive a key from a shared secret using KDA TwoSte p | Crypto Officer - Shared Secret: W,E - KDA TwoSte p Derive d Key: G,R | Key Derivati on with KDA TwoSte p | EVP_KDF_SUSE_FIPS_INDICAT OR_APPROVED | Shared secret | KDA TwoSte p Derive d Key | |||
| TLS Key Derivati on | Derive a key from a shared secret using TLS 1.2 KDF / TLS 1.3 KDF | Crypto Officer - Shared Secret: W,E - TLS Derive d Key: G,R | TLS Key Derivati on | EVP_KDF_SUSE_FIPS_INDICAT OR_APPROVED | Shared secret | TLS Derive d Key | |||
| Passwor d-based Key Derivati on | Derive a key from a passwo rd | Crypto Officer - Passwo rd or passph rase: W,E - PBKDF Derive | Passwor d-based Key Derivati on | EVP_KDF_SUSE_FIPS_INDICAT OR_APPROVED | Passwo rd or passph rase | PBKDF Derive d Key | |||
| Shared Secret Comput ation with DH | Comput e a shared secret | Crypto Officer - DH Private key: W,E - DH Public key: W,E - Shared Secret: G,R | Shared Secret Comput ation with DH | EVP_PKEY_derive returns 1 | DH private key, DH public key (peer) | Shared secret | |||
| Shared Secret Comput ation with ECDH | Comput e a shared secret | Crypto Officer - EC Private key: W,E - EC Public key: W,E - Shared Secret: G,R | Shared Secret Comput ation with ECDH | EVP_PKEY_derive returns 1 | EC private key, EC public key (peer) | Shared secret | |||
| Shared Secret Comput ation with RSA | Comput e a shared secret | Crypto Officer - RSA private key: W,E - RSA public key: W,E - Shared Secret: G,R | Shared Secret Comput ation with RSA | EVP_PKEY_derive returns 1 | RSA private key, RSA public key (peer) | Shared secret | |||
| Asymm etric Encrypti on | Perform RSA- based encrypt ion (compli ant with SP 800- 56B Rev. 2)) | Crypto Officer - RSA public key: W,E | Asymm etric Encrypti on with RSA | EVP_PKEY_encrypt returns 1 | RSA public key (peer), plainte xt key | Encaps ulated key | |||
| Asymm etric Decrypti on | Perform RSA- based decrypt ion (compli ant with SP 800- 56B Rev. 2)) | Crypto Officer - RSA private key: W,E | Asymm etric Decrypti on with RSA | EVP_PKEY_decrypt returns 1 | RSA private key (owner) , encaps ulated key | Plainte xt key | |||
| Signatur e Generat ion | Genera te a digital signatu re | Crypto Officer - RSA private key: W,E - EC Private key: W,E | Signatur e Generat ion | EVP_SIGNATURE_SUSE_FIPS_I NDICATOR_APPROVED | Messag e, private key | Signatu re | |||
| Signatur e Verificat ion | Verify a digital signatu re | Crypto Officer - RSA public key: W,E - EC Public key: W,E | Signatur e Verificat ion | EVP_SIGNATURE_SUSE_FIPS_I NDICATOR_APPROVED | Messag e, public key, signatu re | Pass/fai l | |||
| Key Pair Generat ion | Genera te a key pair | Crypto Officer - Module - genera ted RSA private key: G,R - Module - genera ted DH Private key: G,R - Module - genera ted RSA public key: G,R - Module - genera ted DH Public key: G,R - Module - genera ted EC Private key: G,R - Module - genera | Key Pair Generat ion with RSA Key Pair Generat ion with ECDSA Key Pair Generat ion with Safe Primes | EVP_PKEY_Generate returns 1 | Group or Curve or Modulu s bits | DH key pair; EC key pair; RSA key pair | |||
| Key Pair Verificat ion with Safe Primes | Verify a key pair generat ed with Safe Primes | Crypto Officer - DH Public key: W,E - DH Private key: W,E | Key Pair Verificat ion with Safe Primes | EVP_PKEY_public_check or EVP_PKEY_private_check or EVP_PKEY_check returns 1 | Key pair | Pass/fai l | |||
| Key Pair Verificat ion with ECDSA | Verify a key pair generat ed with ECDSA | Crypto Officer - EC Public key: W,E - EC Private key: W,E | Key Pair Verificat ion with ECDSA | EVP_PKEY_public_check or EVP_PKEY_private_check or EVP_PKEY_check returns 1 | Key pair | Pass/fai l | |||
| Key Pair Verificat ion with RSA | Verify a key pair generat ed with RSA | Crypto Officer - RSA public key: W,E - RSA private key: W,E | EVP_PKEY_public_check or EVP_PKEY_private_check or EVP_PKEY_check returns 1 | Key pair | Pass/fai l | ||||
| Random Number Generat ion | Genera te random bytes | Crypto Officer - Entrop y input: W,E - DRBG interna l state (V value, C value): G,W,E - DRBG interna l state (V value, Key): G,W,E - DRBG seed: G,W,E | Random Number Generat ion | EVP_RAND_generate returns 1 | Output length | Rando m bytes | |||
| Show status | Show the current status of the module | Crypto Officer | None | None | N/A | Module status | |||
| Show module name and version | Show module name and the version of the module | Crypto Officer | None | None | N/A | Name and version informa tion | |||
| Self-test | Perform CASTs and integrit y test | Crypto Officer | Messag e digest Messag e Authent ication Code | None | N/A | Pass/fai l result of self- tests |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
N/A for this module. The module does not support authentication methods.
Table 13: Roles The module supports the Crypto Officer role only. This sole role is implicitly and always assumed by the operator of the module when performing a service. The module does not support multiple concurrent operators.
y s t W,E W,E © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s W,E W,E e ea e W,E W,E ea E e e keyderivati Keyderivati W,E © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s G,R W,E G,R W,E G,R W,E G,R W,E G,R © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s p p p p W,E p G,R p p p p W,E p G,R W,E G,R W,E © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s G,R ea W,E W,E G,R ea W,E W,E G,R ea W,E W,E G,R © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s RSAbased 80056B W,E RSAbased 80056B , W,E e e, e W,E W,E e e, l e W,E W,E © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s G,R G,R G,R G,R G,R © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s G,R G,E,Z l W,E W,E l W,E W,E l W,E W,E © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s m y W,E (V C G,W,E (V G,W,E G,W,E N/A N/A N/A of selftests e © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s e e p © 2025 SUSE, LLC/atsec information security corporation.
| Name | Description | Role Access | Csps Accessed | Indicator | Input | Output |
|---|---|---|---|---|---|---|
| Zeroizat ion | Zeroize SSPs. | None | Crypto Officer - AES key: Z - HMAC key: Z - RSA private key: Z - RSA public key: Z - DH Private key: Z | None | Any SSP | N/A |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s N/A © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s Z Z Z Z Z Z p © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y s Z p Z Z Z y Z (V C Z (V Z Table 14: Approved Services © 2025 SUSE, LLC/atsec information security corporation.
| Name | Description | Roles | Role Access | Approved Functions |
|---|---|---|---|---|
| OSSL_CIPHER_PARAM_SUSE_FIPS_INDICATOR | EVP_CIPHER_CTX | |||
| OSSL_MAC_PARAM_SUSE_FIPS_INDICATOR | EVP_MAC_CTX | |||
| OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR | EVP_KDF_CTX | |||
| OSSL_SIGNATURE_PARAM_SUSE_FIPS_INDICATOR | EVP_PKEY_CTX | |||
| AES GCM (external IV) | Authenticated Encryption | CO | AES GCM (external IV) | |
| HMAC (< 112- bit keys) | Compute a MAC tag | CO | HMAC (< 112-bit keys) | |
| Key derivation | Derive a key from a key- derivation key or a shared secret | CO | KBKDF, KDA OneStep, KDA TwoStep, HKDF, ANS X9.42 KDF, ANS X9.63 KDF (< 112-bit keys) KDA OneStep, KDA TwoStep (SHAKE128, SHAKE256) ANS X9.42 KDF (SHAKE128, SHAKE256) ANS X9.63 KDF (SHA-1, SHAKE128, SHAKE256) SSH KDF (SHA-512/224, SHA- |
| Name | Description | Roles | Role Access | Approved Functions |
|---|---|---|---|---|
| OSSL_CIPHER_PARAM_SUSE_FIPS_INDICATOR | EVP_CIPHER_CTX | |||
| OSSL_MAC_PARAM_SUSE_FIPS_INDICATOR | EVP_MAC_CTX | |||
| OSSL_KDF_PARAM_SUSE_FIPS_INDICATOR | EVP_KDF_CTX | |||
| OSSL_SIGNATURE_PARAM_SUSE_FIPS_INDICATOR | EVP_PKEY_CTX | |||
| AES GCM (external IV) | Authenticated Encryption | CO | AES GCM (external IV) | |
| HMAC (< 112- bit keys) | Compute a MAC tag | CO | HMAC (< 112-bit keys) | |
| Key derivation | Derive a key from a key- derivation key or a shared secret | CO | KBKDF, KDA OneStep, KDA TwoStep, HKDF, ANS X9.42 KDF, ANS X9.63 KDF (< 112-bit keys) KDA OneStep, KDA TwoStep (SHAKE128, SHAKE256) ANS X9.42 KDF (SHAKE128, SHAKE256) ANS X9.63 KDF (SHA-1, SHAKE128, SHAKE256) SSH KDF (SHA-512/224, SHA- |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module The module provides services to operators that assume the available role. All services are described in detail in the API documentation (manual pages). The convention below applies when specifying the access permissions (types) that the service has for each SSP.
© 2025 SUSE, LLC/atsec information security corporation.
| Name | Description | Roles | Approved Functions |
|---|---|---|---|
| PBKDF2 (< 112-bit keys) | Derive a key from a password | CO | PBKDF2 (< 8 characters password; < 128 salt length; < 1000 iterations; < 112-bit keys) |
| Signature generation | Generate a signature | CO | RSA and ECDSA (pre-hashed message) RSA-PSS (invalid salt length: FIPS 186-5, section 5.4, item(g)) |
| Signature verification | Verify a signature | CO | RSA and ECDSA (pre-hashed message) RSA-PSS (invalid salt length: FIPS 186-5, section 5.4, item(g)) |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Table 16: Non-Approved Services The table above lists the non-approved services in this module, the algorithms involved and the roles that can request the service. In this table, CO specifies the Crypto Officer role.
The module does not load external software or firmware. © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
The integrity of the module is verified by comparing a HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time. The module performs a KAT for the HMAC SHA-256 algorithm in order to test its proper operation before performing the checksum of the fips.so file.
Integrity tests are performed as part of the pre-operational self-tests, which are executed when the module is initialized. The integrity test may be invoked on-demand by unloading and subsequently re-initializing the module, or by calling the OSSL_PROVIDER_self_test function. This will perform (among others) the software integrity test. © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
Type of Operational Environment: Modifiable How Requirements are Satisfied: Any SSPs contained within the module are protected by the process isolation and memory separation mechanisms, and only the module has control over these SSPs.
The module shall be installed as stated in Section 11 Life-Cycle Assurance. If properly installed, the operating system provides process isolation and memory protection mechanisms that ensure appropriate separation for memory access among the processes on the system. Each process has control over its own data and uncontrolled access to the data of other processes is prevented. Instrumentation tools like the ptrace system call, gdb and strace, userspace live patching, as well as other tracing mechanisms offered by the Linux environment such as ftrace or systemtap, shall not be used in the operational environment. The use of any of these tools implies that the cryptographic module is running in a non-validated operational environment. © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
The module is comprised of software only and therefore this Section is Not Applicable (N/A). © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
This module does not implement any non-invasive security mechanism, and therefore this Section is not applicable. © 2025 SUSE, LLC/atsec information security corporation.
| Name | Type | Description |
|---|---|---|
| RAM | Dynamic | Temporary storage for SSPs used by the module as part of service execution. SSPs are stored until they are zeroized by the operator (using a zeroization call or removing power from the module) or zeroized automatically |
| Name | Approved Functions | Type | From | To | Distributio n Type |
|---|---|---|---|---|---|
| API input parameter s | Electroni c | Plaintex t | Operator calling application (TOEPP) | Cryptographi c module | Manual |
| API output parameter s | Electroni c | Plaintex t | Cryptographi c module | Operator calling application (TOEPP) | Manual |
| Zeroization | Description | Rationale | Operator | ||
|---|---|---|---|---|---|
| Method | Initiation | ||||
| Free cipher handle | Zeroizes the SSPs contained within the cipher handle. | By calling the appropriate zeroization functions: AES key: EVP_CIPHER_CTX_free and EVP_MAC_CTX_free; HMAC key: EVP_MAC_CTX_free; Key-derivation key: | By calling the cipher related zeroization API |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
Table 17: Storage Areas The module does not perform persistent storage of SSPs. The SSPs are temporarily stored in the RAM in plaintext form.
s t c s t c m Table 18: SSP Input-Output Methods on the same operational environment. This corresponds to manual distribution, electronic entry/output (“CM Software to/from App via TOEPP Path”) per FIPS 140-3 IG 9.5.A Table 1. There is no entry or output of cryptographically protected SSPs.
© 2025 SUSE, LLC/atsec information security corporation.
| Name | Description | Zeroization | |
|---|---|---|---|
| Memory occupied by SSPs is overwritten with zeroes, which renders the SSP values irretrievable. | Automatically zeroized by the module when no longer needed | Automatic | N/A |
| Volatile memory used by the module is overwritten within nanoseconds when power is removed. | De-allocates the volatile memory used to store SSPs | Module Reset | By unloading and reloading the module |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module N/A Table 19: SSP Zeroization Methods The application that uses the module is responsible for the appropriate zeroization of SSPs. The module provides key allocation and destruction functions, which overwrites the memory Memory allocation of SSPs is performed by the OPENSSL_malloc() API call and the application in use of the module is responsible for the calling of the appropriate zeroization functions from the OpenSSL API. The zeroization functions then overwrite the memory OPENSSL_cleanse() should be used to overwrite sensitive data such as private keys. All data output is inhibited during zeroization. © 2025 SUSE, LLC/atsec information security corporation.
| Name | Type | Description | Strength | Generation | Establishment | Use |
|---|---|---|---|---|---|---|
| AES key | Symmetri c key - CSP | AES key used for encryption, decryption, and computing MAC tags | AES-XTS: 256, 512 bits; Other modes: 128, 192, 256 bits - AES-XTS: 128, 256 bits; Other modes: 128, 192, 256 bits | Symmetric Encryption with AES Symmetric Decryption with AES Authentica ted Symmetric Encryption Authentica ted Symmetric Decryption | ||
| HMAC key | Symmetri c key - CSP | HMAC key used for computing MAC tags | 112- 524288 bits - 112- 256 bits | Message Authentica tion Code | ||
| Module- generate d RSA private key | Private key - CSP | RSA private key generated by the module | 2048- 15360 bits - 112- 256 bits | Key Pair Generati on with RSA | Key Pair Generation with RSA | |
| Module- generate d RSA public key | Public key - PSP | RSA public key generated by the module | 2048- 15360 bits - Key pair generatio n: 112- 256 bits | Key Pair Generati on with RSA | Key Pair Generation with RSA | |
| RSA private key | Private key - CSP | RSA private key written to the module | 2048- 16384 bits - 112- 256 bits | Signature Generation Shared Secret Computati on with RSA Asymmetri c Decryption with RSA | ||
| RSA public key | Public key - PSP | RSA public key written to the module | Signature verificatio n: 1024- 16384 bits; Others: 2048- 16384 bits - Signature verificatio n: 80-256 bits; Others: 112-256 bits | Signature Verification Shared Secret Computati on with RSA Asymmetri c Encryption with RSA | ||
| Module- generate d DH Private key | Private key - CSP | DH Private key generated by the module | 2048- 8192 bits - 112-200 bits | Key Pair Generati on with Safe Primes | Key Pair Generation with Safe Primes | |
| Module- generate d DH Public key | Public key - PSP | DH Public key generated by the module | 2048- 8192 bits - 112-200 bits | Key Pair Generati on with Safe Primes | Key Pair Generation with Safe Primes | |
| DH Private key | Private key - CSP | DH Private key written to the module | 2048- 8192 bits - 112-200 bits | Shared Secret Computati on with DH Key Pair Verification with Safe Primes | ||
| DH Public key | Public key - PSP | DH Public key written to the module | 2048- 8192 bits - 112-200 bits | Shared Secret Computati on with DH Key Pair Verification with Safe Primes | ||
| Module- generate d EC Private key | Private key - CSP | EC Private key generated by the module | P-224, P- 256, P- 384, P- 521 bits - 112, 128, 192, 256 bits | Key Pair Generati on with ECDSA | Key Pair Generation with ECDSA | |
| Module- generate d EC Public key | Public key - PSP | EC Public key generated by the module | P-224, P- 256, P- 384, P- 521 bits - 112, 128, 192, 256 bits | Key Pair Generati on with ECDSA | Key Pair Generation with ECDSA | |
| EC Private key | Private key - CSP | EC Private key written the module and used by ECDSA and ECDH | P-224, P- 256, P- 384, P- 521 bits - 112, 128, 192, 256 bits | Shared Secret Computati on with ECDH Signature Generation Key Pair Verification with ECDSA | ||
| EC Public key | Public key - PSP | EC Public key written the module and used by ECDSA and ECDH | P-224, P- 256, P- 384, P- 521 bits - 112, 128, 192, 256 bits | Signature Verification Shared Secret Computati on with ECDH Key Pair Verification with ECDSA | ||
| Key Derivatio n Key | Symmetri c key - CSP | Symmetric key used to derive symmetric keys | 112-4096 bits - 112- 256 bits | Key Derivation with KBKDF | ||
| KBKDF Derived Key | Symmetri c key - CSP | Symmetric key derived from a | 112-4096 bits - 112- 256 bits | Key Derivatio | Key Derivation | |
| key-derivation key | key-derivation key | n with KBKDF | with KBKDF | |||
| HKDF Derived Key | Symmetri c key - CSP | Symmetric key derived from a shared secret | 112-4096 bits - 112- 256 bits | Key Derivatio n with HKDF | Key Derivation with HKDF | |
| SSH Derived Key | Symmetri c key - CSP | Symmetric key derived from a shared secret | 112-4096 bits - 112- 256 bits | Key Derivatio n with SSH KDF | Key Derivation with SSH KDF | |
| X9.63 Derived Key | Symmetri c key - CSP | Symmetric key derived from a shared secret | 112-4096 bits - 112- 256 bits | Key Derivatio n with X9.63 KDF | Key Derivation with X9.63 KDF | |
| X9.42 Derived Key | Symmetri c key - CSP | Symmetric key derived from a shared secret | 112-4096 bits - 112- 256 bits | Key Derivatio n with X9.42 KDF | Key Derivation with X9.42 KDF | |
| Password or passphra se | Password - CSP | Password or passphrase used by PBKDF to derive symmetric keys | 8-128 character s - N/A | Password- based Key Derivation | ||
| PBKDF Derived Key | Symmetri c key - CSP | Key derived from PBKDF password/passp hrase during key derivation | 112-4096 bits - 112- 256 bits | Passwor d-based Key Derivatio n | Password- based Key Derivation | |
| KDA OneStep Derived Key | Symmetri c key - CSP | Symmetric key derived from a shared secret | 112-4096 bits - 112- 256 bits | Key Derivatio n with KDA OneStep | Key Derivation with KDA OneStep | |
| KDA TwoStep Derived Key | Symmetri c key - CSP | Symmetric key derived from a shared secret | 112-4096 bits - 112- 256 bits | Key Derivatio n with KDA TwoStep | Key Derivation with KDA TwoStep | |
| TLS Derived Key | Symmetri c key - CSP | Derived key used in Transport Layer Security (TLS) network protocol | 112-4096 bits - 112- 256 bits | TLS Key Derivatio n | ||
| Shared Secret | Shared Secret - CSP | Shared secret generated by ECDH/DH/RSA shared secret computation | 224-8912 bits - 112- 256 bits | Shared Secret Computat ion with DH Shared Secret Computat ion with ECDH Shared Secret Computat ion with RSA | Key Derivation with KDA OneStep Key Derivation with KDA TwoStep Key Derivation with X9.42 KDF Key Derivation with X9.63 KDF Key Derivation with SSH KDF Key Derivation with HKDF Shared Secret Computati on with DH Shared Secret Computati on with ECDH Shared Secret Computati on with RSA | |
| Entropy input | Entropy Input - CSP | Entropy input string used to seed the DRBG | 128-384 bits - 128- 256 bits | Random Number Generation | ||
| DRBG seed | Seed - CSP | DRBG seed derived from entropy input (IG D.L compliant) | CTR_DRB G: 256, 320, 384 bits; Hash_DRB G: 440, 888 bits; HMAC_DR BG: 160, 256, 512 bits - CTR_DRB G: 128, 192, 256 bits; HMAC_DR BG, Hash_DRB G: 128, 256 bits | Random Number Generati on | Random Number Generation | |
| DRBG internal state (V value, C value) | Internal state - CSP | Internal state of the Hash_DRBG (IG D.L compliant) | 880, 1776 bits - 128, 256 bits | Random Number Generati on | Random Number Generation | |
| DRBG internal state (V value, Key) | Internal state - CSP | Internal state of the CTR_DRBG and HMAC_DRBG (IG D.L compliant) | CTR_DRB G: 256, 320, 384 bits; HMAC_DR BG: 320, 512, 1024 bits - CTR_DRB G: 128, 192, 256 bits; HMAC_DR BG: 128, 256 bits | Random Number Generati on | Random Number Generation | |
| Intermedi ate key | Intermedi ate value - CSP | Intermediate key pair generation | 112- 15360 | Key Pair Generati on with | Key Pair Generation with RSA |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
y 112524288 bits - 112256 bits Modulegenerate 204815360 bits - 112256 bits Modulegenerate 204815360 n: 112256 bits 204816384 bits - 112256 bits c © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y n: 102416384 204816384 Modulegenerate
c © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y Modulegenerate P-224, P256, P384, P521 bits 112, 128, Modulegenerate P-224, P256, P384, P521 bits 112, 128, P-224, P256, P384, P521 bits 112, 128, P-224, P256, P384, P521 bits 112, 128, bits - 112256 bits bits - 112256 bits © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y bits - 112256 bits bits - 112256 bits bits - 112256 bits bits - 112256 bits s - N/A bits - 112256 bits n Passwordbased Key bits - 112256 bits bits - 112256 bits Passwordbased Key © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y bits - 112256 bits n bits - 112256 bits bits - 128256 bits © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module y 11215360 © 2025 SUSE, LLC/atsec information security corporation.
| Name | Description | Strength | Generation | Storage | Zeroization | Use | Input | Storage Duration | Related SSPs |
|---|---|---|---|---|---|---|---|---|---|
| generatio n value | value generated during key generation and key derivation services (SP 800-133 Rev. 2 Section 4, 5.1, and 5.2) | bits - 112- 256 bits | RSA Key Pair Generati on with ECDSA Key Pair Generati on with Safe Primes | Key Pair Generation with ECDSA Key Pair Generation with Safe Primes | |||||
| AES key | RAM:Plaintex t | Free cipher handle Module Reset | API input parameter s | From service invocation until cipherhandl e is freed | |||||
| HMAC key | RAM:Plaintex t | Free cipher handle Module Reset | API input parameter s | From service invocation until cipherhandl e is freed | |||||
| Module- generated RSA private key | RAM:Plaintex t | Free cipher handle Module Reset | API output parameter s | From service invocation until cipherhandl e is freed | Module-generated RSA public key:Paired With Intermediate key generation value:Generated From | ||||
| Module- generated RSA public key | RAM:Plaintex t | Free cipher handle Module Reset | API output parameter s | From service invocation until cipherhandl e is freed | Module-generated RSA private key:Paired With Intermediate key generation value:Generated From |
| Name | Description | Strength | Generation | Storage | Zeroization | Use | Input | Storage Duration | Related SSPs |
|---|---|---|---|---|---|---|---|---|---|
| generatio n value | value generated during key generation and key derivation services (SP 800-133 Rev. 2 Section 4, 5.1, and 5.2) | bits - 112- 256 bits | RSA Key Pair Generati on with ECDSA Key Pair Generati on with Safe Primes | Key Pair Generation with ECDSA Key Pair Generation with Safe Primes | |||||
| AES key | RAM:Plaintex t | Free cipher handle Module Reset | API input parameter s | From service invocation until cipherhandl e is freed | |||||
| HMAC key | RAM:Plaintex t | Free cipher handle Module Reset | API input parameter s | From service invocation until cipherhandl e is freed | |||||
| Module- generated RSA private key | RAM:Plaintex t | Free cipher handle Module Reset | API output parameter s | From service invocation until cipherhandl e is freed | Module-generated RSA public key:Paired With Intermediate key generation value:Generated From | ||||
| Module- generated RSA public key | RAM:Plaintex t | Free cipher handle Module Reset | API output parameter s | From service invocation until cipherhandl e is freed | Module-generated RSA private key:Paired With Intermediate key generation value:Generated From |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module bits - 112256 bits y Table 20: SSP Table 1 n s t s t Modulegenerated s t Modulegenerated s t © 2025 SUSE, LLC/atsec information security corporation.
| Name | Storage | Zeroization | Input | Related SSPs | |
|---|---|---|---|---|---|
| RSA private key | RAM:Plaintex t | Free cipher handle Module Reset | API input parameter s | From service invocation until cipherhandl e is freed | RSA public key:Paired With |
| RSA public key | RAM:Plaintex t | Free cipher handle Module Reset | API input parameter s | From service invocation until cipherhandl e is freed | RSA private key:Paired With |
| Module- generated DH Private key | RAM:Plaintex t | Free cipher handle Module Reset | API output parameter s | From service invocation until cipherhandl e is freed | Module-generated DH Public key:Paired With Intermediate key generation value:Generated From |
| Module- generated DH Public key | RAM:Plaintex t | Free cipher handle Module Reset | API output parameter s | From service invocation until cipherhandl e is freed | Module-generated DH Private key:Paired With Intermediate key generation value:Generated From |
| DH Private key | RAM:Plaintex t | Free cipher handle Module Reset | API input parameter s | From service invocation until cipherhandl e is freed | DH Public key:Paired With |
| DH Public key | RAM:Plaintex t | Free cipher handle Module Reset | API input parameter s | From service invocation until cipherhandl e is freed | DH Private key:Paired With |
| Module- generated EC Private key | RAM:Plaintex t | Free cipher handle Module Reset | API output parameter s | From service invocation until | Module-generated EC Public key:Paired With Intermediate key generation |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module n s t s t Modulegenerated s t Modulegenerated s t s t s t Modulegenerated s t © 2025 SUSE, LLC/atsec information security corporation.
| Name | Generation | Storage | Zeroization | Input | Cipherhandl e is freed |
|---|---|---|---|---|---|
| Module- generated EC Public key | Module-generated EC private key:Paired With Intermediate key generation value:Generated From | RAM:Plaintex t | Free cipher handle Module Reset | API output parameter s | From service invocation until cipherhandl e is freed |
| EC Private key | EC Public key:Paired With | RAM:Plaintex t | Free cipher handle Module Reset | API input parameter s | From service invocation until cipherhandl e is freed |
| EC Public key | EC private key:Paired With | RAM:Plaintex t | Free cipher handle Module Reset | API input parameter s | From service invocation until cipherhandl e is freed |
| Key Derivation Key | KBKDF Derived Key:Derives | RAM:Plaintex t | Free cipher handle Module Reset | API input parameter s | From service invocation until cipherhandl e is freed |
| KBKDF Derived Key | Key-derivation key:Derived From | RAM:Plaintex t | Free cipher handle Module Reset | API output parameter s | From service invocation until cipherhandl e is freed |
| HKDF Derived Key | Shared secret:Derived From | RAM:Plaintex t | Free cipher handle Module Reset | API output parameter s | From service invocation until cipherhandl e is freed |
| SSH Derived Key | Shared secret:Derived From | RAM:Plaintex t | Free cipher handle Module Reset | API output parameter s | From service invocation until |
| X9.63 Derived Key | Shared secret:Derived From | RAM:Plaintex t | Free cipher handle Module Reset | API output parameter s | From service invocation until cipherhandl e is freed |
| X9.42 Derived Key | Shared secret:Derived From | RAM:Plaintex t | Free cipher handle Module Reset | API output parameter s | From service invocation until cipherhandl e is freed |
| Password or passphrase | PBKDF Derived Key:Derives | RAM:Plaintex t | Free cipher handle Module Reset | API input parameter s | From service invocation until cipherhandl e is freed |
| PBKDF Derived Key | Password or passphrase:Derive d From | RAM:Plaintex t | Free cipher handle Module Reset | API output parameter s | From service invocation until cipherhandl e is freed |
| KDA OneStep Derived Key | Shared secret:Derived From | RAM:Plaintex t | Free cipher handle Module Reset | API output parameter s | From service invocation until cipherhandl e is freed |
| KDA TwoStep Derived Key | Shared secret:Derived From | RAM:Plaintex t | Free cipher handle Module Reset | API output parameter s | From service invocation until cipherhandl e is freed |
| TLS Derived Key | Shared Secret:Derived From | RAM:Plaintex t | Free cipher handle Module Reset | API output parameter s | From service invocation until |
| Shared Secret | DH private key:Established By DH public key:Established By EC private key:Established By EC public key:Established By HKDF Derived Key:Derives KDA OneStep Derived Key:Derives KDA TwoStep Derived Key:Derives TLS Derived Key:Derives SSH Derived Key:Derives X9.63 Derived Key:Derives X9.42 Derived Key:Derives RSA private key:Established By RSA public key:Established By | RAM:Plaintex t | Free cipher handle Module Reset | API input parameter s API output parameter s | From service invocation until cipherhandl e is freed |
| Entropy input | DRBG seed:Derives | RAM:Plaintex t | Automatic Module Reset | From generation until DRBG seed is created | |
| DRBG seed | Entropy input:Derived From DRBG internal state (V value, C value):Generates DRBG internal state (V value, Key):Generates | RAM:Plaintex t | Automatic Module Reset | While the DRBG is instantiated |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module n Modulegenerated s t s t s t s t s t s t s t © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module n s t s t s t s t s t s t s t © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module n s s t t t © 2025 SUSE, LLC/atsec information security corporation.
| Name | Storage | Zeroization | Related SSPs | |
|---|---|---|---|---|
| DRBG internal state (V value, C value) | RAM:Plaintex t | Free cipher handle Module Reset | From DRBG instantiatio n until DRBG termination | DRBG seed:Generated From |
| DRBG internal state (V value, Key) | RAM:Plaintex t | Free cipher handle Module Reset | From DRBG instantiatio n until DRBG termination | DRBG seed:Generated From |
| Intermediat e key generation value | RAM:Plaintex t | Automatic | From service invocation until cipherhandl e is freed | DH private key:Generates DH public key:Generates EC private key:Generates EC public key:Generates RSA private key:Generates RSA public key:Generates |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module n t t t Table 21: SSP Table 2
The SHA-1 algorithm as implemented by the module will be non-approved for all purposes, starting January 1, 2031. © 2025 SUSE, LLC/atsec information security corporation.
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicator | |
|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A5868) | HMAC- SHA2-256 (A5868) | Message authentication | SW/FW Integrity | Integrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time. | 256-bits key | Module becomes operational and services are available for use |
| HMAC- SHA2-256 (A5864) | HMAC- SHA2-256 (A5864) | Message authentication | SW/FW Integrity | Integrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time. | 256-bits key | Module becomes operational and services are available for use |
| HMAC- SHA2-256 (A5876) | HMAC- SHA2-256 (A5876) | Message authentication | SW/FW Integrity | Integrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time. | 256-bits key | Module becomes operational and services are available for use |
| HMAC- SHA2-256 (A5877) | HMAC- SHA2-256 (A5877) | Message authentication | SW/FW Integrity | Integrity test of the shared library component of the | 256-bits key | Module becomes operational |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 © 2025 SUSE, LLC/atsec information security corporation.
| Name | Role Access | Approved Functions | Type | Properties | Test Method |
|---|---|---|---|---|---|
| Module becomes operational and services are available for use | Integrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time. | HMAC- SHA2-256 (A5878) | SW/FW Integrity | 256-bits key | Message authentication |
| Module becomes operational and services are available for use | Integrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time. | HMAC- SHA2-256 (A5879) | SW/FW Integrity | 256-bits key | Message authentication |
| Module becomes operational and services are available for use | Integrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that | HMAC- SHA2-256 (A5883) | SW/FW Integrity | 256-bits key | Message authentication |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 © 2025 SUSE, LLC/atsec information security corporation.
| Name | Algorithm Or Test | Test Method | Test Type | Details | Indicator | Conditions | |
|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A5889) | HMAC- SHA2-256 (A5889) | Message authentication | SW/FW Integrity | Integrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time. | 256-bits key Message | Module becomes operational and services are available for use | |
| SHA-1 (A5868) | SHA-1 (A5868) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test |
| SHA-1 (A5876) | SHA-1 (A5876) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test |
| SHA-1 (A5877) | SHA-1 (A5877) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test |
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Conditions | |
|---|---|---|---|---|---|---|---|---|---|
| HMAC- SHA2-256 (A5889) | HMAC- SHA2-256 (A5889) | Message authentication | SW/FW Integrity | Integrity test of the shared library component of the module. Verified by comparing an HMAC SHA-256 value calculated at run time with the HMAC SHA-256 value embedded in the fips.so file that was computed at build time. | 256-bits key Message | Module becomes operational and services are available for use | |||
| SHA-1 (A5868) | SHA-1 (A5868) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA-1 (A5876) | SHA-1 (A5876) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA-1 (A5877) | SHA-1 (A5877) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA-1 (A5878) | SHA-1 (A5878) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA-1 (A5879) | SHA-1 (A5879) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA-1 (A5883) | SHA-1 (A5883) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA-1 (A5889) | SHA-1 (A5889) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A5868) | SHA2-512 (A5868) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A5876) | SHA2-512 (A5876) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A5877) | SHA2-512 (A5877) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A5878) | SHA2-512 (A5878) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A5879) | SHA2-512 (A5879) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A5883) | SHA2-512 (A5883) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA2-512 (A5889) | SHA2-512 (A5889) | KAT | CAST | Message digest | 24-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-256 (A5864) | HMAC- SHA2-256 (A5864) | KAT | CAST | Message digest | 256-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-256 (A5868) | HMAC- SHA2-256 (A5868) | KAT | CAST | Message digest | 256-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-256 (A5876) | HMAC- SHA2-256 (A5876) | KAT | CAST | Message digest | 256-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-256 (A5877) | HMAC- SHA2-256 (A5877) | KAT | CAST | Message digest | 256-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-256 (A5878) | HMAC- SHA2-256 (A5878) | KAT | CAST | Message digest | 256-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-256 (A5879) | HMAC- SHA2-256 (A5879) | KAT | CAST | Message digest | 256-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-256 (A5883) | HMAC- SHA2-256 (A5883) | KAT | CAST | Message digest | 256-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC- SHA2-256 (A5889) | HMAC- SHA2-256 (A5889) | KAT | CAST | Message digest | 256-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA3-256 (A5869) | SHA3-256 (A5869) | KAT | CAST | Message digest | 32-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| SHA3-256 (A5885) | SHA3-256 (A5885) | KAT | CAST | Message digest | 32-bit message | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A5870) | AES-GCM (A5870) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encypt and decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A5871) | AES-GCM (A5871) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encypt and decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A5872) | AES-GCM (A5872) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encypt and decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A5873) | AES-GCM (A5873) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encypt and decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A5874) | AES-GCM (A5874) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encypt and decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A5875) | AES-GCM (A5875) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encypt and decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A5880) | AES-GCM (A5880) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encypt and decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A5881) | AES-GCM (A5881) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encypt and decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A5882) | AES-GCM (A5882) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encypt and decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A5886) | AES-GCM (A5886) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encypt and decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A5887) | AES-GCM (A5887) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encypt and decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A5888) | AES-GCM (A5888) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encypt and decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A5903) | AES-GCM (A5903) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encypt and decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A5904) | AES-GCM (A5904) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encypt and decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-GCM (A5905) | AES-GCM (A5905) | KAT | CAST | Symmetric operation | 256-bit key and 96-bit IV, encypt and decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A5398) | AES-ECB (A5398) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A5399) | AES-ECB (A5399) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A5400) | AES-ECB (A5400) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A5401) | AES-ECB (A5401) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A5402) | AES-ECB (A5402) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A5403) | AES-ECB (A5403) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A5658) | AES-ECB (A5658) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A5884) | AES-ECB (A5884) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A5893) | AES-ECB (A5893) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A5894) | AES-ECB (A5894) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A5895) | AES-ECB (A5895) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A5896) | AES-ECB (A5896) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| AES-ECB (A5900) | AES-ECB (A5900) | KAT | CAST | Symmetric operation | 128-bit key, decrypt | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigGen (FIPS186-5) (A5868) | RSA SigGen (FIPS186-5) (A5868) | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigGen (FIPS186-5) (A5869) | RSA SigGen (FIPS186-5) (A5869) | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigGen (FIPS186-5) (A5876) | RSA SigGen (FIPS186-5) (A5876) | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigGen (FIPS186-5) (A5877) | RSA SigGen (FIPS186-5) (A5877) | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigGen (FIPS186-5) (A5878) | RSA SigGen (FIPS186-5) (A5878) | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigGen (FIPS186-5) (A5879) | RSA SigGen (FIPS186-5) (A5879) | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigGen (FIPS186-5) (A5883) | RSA SigGen (FIPS186-5) (A5883) | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigGen (FIPS186-5) (A5885) | RSA SigGen (FIPS186-5) (A5885) | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigGen (FIPS186-5) (A5889) | RSA SigGen (FIPS186-5) (A5889) | KAT | CAST | Digital signature generation | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigVer (FIPS186-5) (A5868) | RSA SigVer (FIPS186-5) (A5868) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigVer (FIPS186-5) (A5869) | RSA SigVer (FIPS186-5) (A5869) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigVer (FIPS186-5) (A5876) | RSA SigVer (FIPS186-5) (A5876) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigVer (FIPS186-5) (A5877) | RSA SigVer (FIPS186-5) (A5877) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigVer (FIPS186-5) (A5878) | RSA SigVer (FIPS186-5) (A5878) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigVer (FIPS186-5) (A5879) | RSA SigVer (FIPS186-5) (A5879) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigVer (FIPS186-5) (A5883) | RSA SigVer (FIPS186-5) (A5883) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigVer (FIPS186-5) (A5885) | RSA SigVer (FIPS186-5) (A5885) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| RSA SigVer (FIPS186-5) (A5889) | RSA SigVer (FIPS186-5) (A5889) | KAT | CAST | Digital signature verification | PKCS#1 v1.5 with SHA-256 and 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186-5) (A5868) | ECDSA SigGen (FIPS186-5) (A5868) | KAT | CAST | Digital signature generation | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186-5) (A5869) | ECDSA SigGen (FIPS186-5) (A5869) | KAT | CAST | Digital signature generation | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186-5) (A5876) | ECDSA SigGen (FIPS186-5) (A5876) | KAT | CAST | Digital signature generation | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186-5) (A5877) | ECDSA SigGen (FIPS186-5) (A5877) | KAT | CAST | Digital signature generation | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186-5) (A5878) | ECDSA SigGen (FIPS186-5) (A5878) | KAT | CAST | Digital signature generation | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186-5) (A5879) | ECDSA SigGen (FIPS186-5) (A5879) | KAT | CAST | Digital signature generation | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186-5) (A5883) | ECDSA SigGen (FIPS186-5) (A5883) | KAT | CAST | Digital signature generation | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186-5) (A5885) | ECDSA SigGen (FIPS186-5) (A5885) | KAT | CAST | Digital signature generation | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigGen (FIPS186-5) (A5889) | ECDSA SigGen (FIPS186-5) (A5889) | KAT | CAST | Digital signature generation | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186-5) (A5868) | ECDSA SigVer (FIPS186-5) (A5868) | KAT | CAST | Digital signature verification | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186-5) (A5869) | ECDSA SigVer (FIPS186-5) (A5869) | KAT | CAST | Digital signature verification | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186-5) (A5876) | ECDSA SigVer (FIPS186-5) (A5876) | KAT | CAST | Digital signature verification | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186-5) (A5877) | ECDSA SigVer (FIPS186-5) (A5877) | KAT | CAST | Digital signature verification | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186-5) (A5878) | ECDSA SigVer (FIPS186-5) (A5878) | KAT | CAST | Digital signature verification | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186-5) (A5879) | ECDSA SigVer (FIPS186-5) (A5879) | KAT | CAST | Digital signature verification | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186-5) (A5883) | ECDSA SigVer (FIPS186-5) (A5883) | KAT | CAST | Digital signature verification | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186-5) (A5885) | ECDSA SigVer (FIPS186-5) (A5885) | KAT | CAST | Digital signature verification | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| ECDSA SigVer (FIPS186-5) (A5889) | ECDSA SigVer (FIPS186-5) (A5889) | KAT | CAST | Digital signature verification | SHA-256 and P-224, P-256, P- 384, and P- 521 | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF SP800- 108 (A5899) | KDF SP800- 108 (A5899) | KAT | CAST | Key Derivation with KBKDF | HMAC-SHA2- 256 in counter mode and 128-bit input key | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDA OneStep SP800- 56Cr2 (A5897) | KDA OneStep SP800- 56Cr2 (A5897) | KAT | CAST | Shared secret key derivation | SHA2-224 and 448-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDA TwoStep SP800- 56Cr2 (A5897) | KDA TwoStep SP800- 56Cr2 (A5897) | KAT | CAST | Shared secret key derivation | SHA2-224 and 448-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDA HKDF SP800- 56Cr2 (A5863) | KDA HKDF SP800- 56Cr2 (A5863) | KAT | CAST | Shared secret key derivation | SHA2-256 and 48-bit secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.42 (A5868) | KDF ANS 9.42 (A5868) | KAT | CAST | ANS X9.42 key derivation | AES-128 KW and SHA-1 and 160-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.42 (A5869) | KDF ANS 9.42 (A5869) | KAT | CAST | ANS X9.42 key derivation | AES-128 KW and SHA-1 and 160-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.42 (A5876) | KDF ANS 9.42 (A5876) | KAT | CAST | ANS X9.42 key derivation | AES-128 KW and SHA-1 and 160-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.42 (A5877) | KDF ANS 9.42 (A5877) | KAT | CAST | ANS X9.42 key derivation | AES-128 KW and SHA-1 and 160-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.42 (A5878) | KDF ANS 9.42 (A5878) | KAT | CAST | ANS X9.42 key derivation | AES-128 KW and SHA-1 and 160-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.42 (A5879) | KDF ANS 9.42 (A5879) | KAT | CAST | ANS X9.42 key derivation | AES-128 KW and SHA-1 and 160-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.42 (A5883) | KDF ANS 9.42 (A5883) | KAT | CAST | ANS X9.42 key derivation | AES-128 KW and SHA-1 and 160-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.42 (A5885) | KDF ANS 9.42 (A5885) | KAT | CAST | ANS X9.42 key derivation | AES-128 KW and SHA-1 and 160-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.42 (A5889) | KDF ANS 9.42 (A5889) | KAT | CAST | ANS X9.42 key derivation | AES-128 KW and SHA-1 and 160-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.63 (A5868) | KDF ANS 9.63 (A5868) | KAT | CAST | ANS X9.63 key derivation | SHA2-256 and 192-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.63 (A5869) | KDF ANS 9.63 (A5869) | KAT | CAST | ANS X9.63 key derivation | SHA2-256 and 192-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.63 (A5876) | KDF ANS 9.63 (A5876) | KAT | CAST | ANS X9.63 key derivation | SHA2-256 and 192-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.63 (A5877) | KDF ANS 9.63 (A5877) | KAT | CAST | ANS X9.63 key derivation | SHA2-256 and 192-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.63 (A5878) | KDF ANS 9.63 (A5878) | KAT | CAST | ANS X9.63 key derivation | SHA2-256 and 192-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.63 (A5879) | KDF ANS 9.63 (A5879) | KAT | CAST | ANS X9.63 key derivation | SHA2-256 and 192-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.63 (A5883) | KDF ANS 9.63 (A5883) | KAT | CAST | ANS X9.63 key derivation | SHA2-256 and 192-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.63 (A5885) | KDF ANS 9.63 (A5885) | KAT | CAST | ANS X9.63 key derivation | SHA2-256 and 192-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF ANS 9.63 (A5889) | KDF ANS 9.63 (A5889) | KAT | CAST | ANS X9.63 key derivation | SHA2-256 and 192-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF SSH (A5884) | KDF SSH (A5884) | KAT | CAST | SSH KDF key derivation | SHA-1 and 1056-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF SSH (A5893) | KDF SSH (A5893) | KAT | CAST | SSH KDF key derivation | SHA-1 and 1056-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF SSH (A5894) | KDF SSH (A5894) | KAT | CAST | SSH KDF key derivation | SHA-1 and 1056-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF SSH (A5895) | KDF SSH (A5895) | KAT | CAST | SSH KDF key derivation | SHA-1 and 1056-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF SSH (A5896) | KDF SSH (A5896) | KAT | CAST | SSH KDF key derivation | SHA-1 and 1056-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| KDF SSH (A5900) | KDF SSH (A5900) | KAT | CAST | SSH KDF key derivation | SHA-1 and 1056-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| TLS v1.2 KDF RFC7627 (A5868) | TLS v1.2 KDF RFC7627 (A5868) | KAT | CAST | TLS v1.2 KDF key derivation | SHA2-256 and 384-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| TLS v1.2 KDF RFC7627 (A5876) | TLS v1.2 KDF RFC7627 (A5876) | KAT | CAST | TLS v1.2 KDF key derivation | SHA2-256 and 384-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| TLS v1.2 KDF RFC7627 (A5877) | TLS v1.2 KDF RFC7627 (A5877) | KAT | CAST | TLS v1.2 KDF key derivation | SHA2-256 and 384-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| TLS v1.2 KDF RFC7627 (A5878) | TLS v1.2 KDF RFC7627 (A5878) | KAT | CAST | TLS v1.2 KDF key derivation | SHA2-256 and 384-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| TLS v1.2 KDF RFC7627 (A5879) | TLS v1.2 KDF RFC7627 (A5879) | KAT | CAST | TLS v1.2 KDF key derivation | SHA2-256 and 384-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| TLS v1.2 KDF RFC7627 (A5883) | TLS v1.2 KDF RFC7627 (A5883) | KAT | CAST | TLS v1.2 KDF key derivation | SHA2-256 and 384-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| TLS v1.2 KDF RFC7627 (A5889) | TLS v1.2 KDF RFC7627 (A5889) | KAT | CAST | TLS v1.2 KDF key derivation | SHA2-256 and 384-bit input secret | Module becomes operational | Test runs at power-on before the integrity test | ||
| TLS v1.3 KDF (A5863) | TLS v1.3 KDF (A5863) | KAT | CAST | TLS v1.3 KDF key derivation | SHA2-256, extract and expand modes | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A5868) | PBKDF (A5868) | KAT | CAST | Password- based Key Derivation | SHA2-256 with 24 characters password, 288-bit salt, 4096 iterations | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A5869) | PBKDF (A5869) | KAT | CAST | Password- based Key Derivation | SHA2-256 with 24 characters password, 288-bit salt, 4096 iterations | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A5876) | PBKDF (A5876) | KAT | CAST | Password- based Key Derivation | SHA2-256 with 24 characters password, 288-bit salt, 4096 iterations | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A5877) | PBKDF (A5877) | KAT | CAST | Password- based Key Derivation | SHA2-256 with 24 characters password, 288-bit salt, 4096 iterations | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A5878) | PBKDF (A5878) | KAT | CAST | Password- based Key Derivation | SHA2-256 with 24 characters password, 288-bit salt, 4096 iterations | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A5879) | PBKDF (A5879) | KAT | CAST | Password- based Key Derivation | SHA2-256 with 24 characters password, | Module becomes operational | Test runs at power-on before the | ||
| 288-bit salt, 4096 iterations | 288-bit salt, 4096 iterations | integrity test | |||||||
| PBKDF (A5883) | PBKDF (A5883) | KAT | CAST | Password- based Key Derivation | SHA2-256 with 24 characters password, 288-bit salt, 4096 iterations | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A5885) | PBKDF (A5885) | KAT | CAST | Password- based Key Derivation | SHA2-256 with 24 characters password, 288-bit salt, 4096 iterations | Module becomes operational | Test runs at power-on before the integrity test | ||
| PBKDF (A5889) | PBKDF (A5889) | KAT | CAST | Password- based Key Derivation | SHA2-256 with 24 characters password, 288-bit salt, 4096 iterations | Module becomes operational | Test runs at power-on before the integrity test | ||
| Counter DRBG (A5397) | Counter DRBG (A5397) | KAT | CAST | Instantiate; Generate; Reseed (compliant to SP 800-90A Rev. 1 Section 11.3) | AES-128 with derivation function and prediction resistance | Module becomes operational | Test runs at power-on before the integrity test | ||
| Hash DRBG (A5397) | Hash DRBG (A5397) | KAT | CAST | Instantiate; Generate; Reseed (compliant to SP 800-90A Rev. 1 Section 11.3) | SHA2-256 and prediction resistance | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC DRBG (A5397) | HMAC DRBG (A5397) | KAT | CAST | Instantiate; Generate; Reseed (compliant to SP 800-90A | HMAC-SHA-1 and prediction resistance | Module becomes operational | Test runs at power-on before the integrity test | ||
| KAS-FFC- SSC Sp800- 56Ar3 (A5898) | KAS-FFC- SSC Sp800- 56Ar3 (A5898) | KAT | CAST | Shared secret computation | ffdhe2048 | Module becomes operational | Test runs at power-on before the integrity test | ||
| KAS-ECC- SSC Sp800- 56Ar3 (A5868) | KAS-ECC- SSC Sp800- 56Ar3 (A5868) | KAT | CAST | Shared secret computation | P-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| KAS-ECC- SSC Sp800- 56Ar3 (A5876) | KAS-ECC- SSC Sp800- 56Ar3 (A5876) | KAT | CAST | Shared secret computation | P-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| KAS-ECC- SSC Sp800- 56Ar3 (A5877) | KAS-ECC- SSC Sp800- 56Ar3 (A5877) | KAT | CAST | Shared secret computation | P-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| KAS-ECC- SSC Sp800- 56Ar3 (A5878) | KAS-ECC- SSC Sp800- 56Ar3 (A5878) | KAT | CAST | Shared secret computation | P-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| KAS-ECC- SSC Sp800- 56Ar3 (A5879) | KAS-ECC- SSC Sp800- 56Ar3 (A5879) | KAT | CAST | Shared secret computation | P-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| KAS-ECC- SSC Sp800- 56Ar3 (A5883) | KAS-ECC- SSC Sp800- 56Ar3 (A5883) | KAT | CAST | Shared secret computation | P-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| KAS-ECC- SSC Sp800- 56Ar3 (A5889) | KAS-ECC- SSC Sp800- 56Ar3 (A5889) | KAT | CAST | Shared secret computation | P-256 | Module becomes operational | Test runs at power-on before the integrity test | ||
| Safe Primes Key Generation (A5898) | Safe Primes Key Generation (A5898) | PCT | PCT | SP 800-56A Rev. 3 Section 5.6.2.1.4 | N/A | Key pair generation is successful | Key pair generation | ||
| RSA KeyGen (FIPS186-5) (A5868) | RSA KeyGen (FIPS186-5) (A5868) | PCT | PCT | Signature generation and verification | PKCS#1 v1.5 with SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| RSA KeyGen (FIPS186-5) (A5876) | RSA KeyGen (FIPS186-5) (A5876) | PCT | PCT | Signature generation and verification | PKCS#1 v1.5 with SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| RSA KeyGen (FIPS186-5) (A5877) | RSA KeyGen (FIPS186-5) (A5877) | PCT | PCT | Signature generation and verification | PKCS#1 v1.5 with SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| RSA KeyGen (FIPS186-5) (A5878) | RSA KeyGen (FIPS186-5) (A5878) | PCT | PCT | Signature generation and verification | PKCS#1 v1.5 with SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| RSA KeyGen (FIPS186-5) (A5879) | RSA KeyGen (FIPS186-5) (A5879) | PCT | PCT | Signature generation and verification | PKCS#1 v1.5 with SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| RSA KeyGen (FIPS186-5) (A5883) | RSA KeyGen (FIPS186-5) (A5883) | PCT | PCT | Signature generation and verification | PKCS#1 v1.5 with SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| RSA KeyGen (FIPS186-5) (A5889) | RSA KeyGen (FIPS186-5) (A5889) | PCT | PCT | Signature generation and verification | PKCS#1 v1.5 with SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| ECDSA KeyGen (FIPS186-5) (A5868) | ECDSA KeyGen (FIPS186-5) (A5868) | PCT | PCT | Signature generation and verification | SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| ECDSA KeyGen (FIPS186-5) (A5876) | ECDSA KeyGen (FIPS186-5) (A5876) | PCT | PCT | Signature generation and verification | SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| ECDSA KeyGen (FIPS186-5) (A5877) | ECDSA KeyGen (FIPS186-5) (A5877) | PCT | PCT | Signature generation and verification | SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| ECDSA KeyGen (FIPS186-5) (A5878) | ECDSA KeyGen (FIPS186-5) (A5878) | PCT | PCT | Signature generation and verification | SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| ECDSA KeyGen (FIPS186-5) (A5879) | ECDSA KeyGen (FIPS186-5) (A5879) | PCT | PCT | Signature generation and verification | SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| ECDSA KeyGen (FIPS186-5) (A5883) | ECDSA KeyGen (FIPS186-5) (A5883) | PCT | PCT | Signature generation and verification | SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| ECDSA KeyGen (FIPS186-5) (A5889) | ECDSA KeyGen (FIPS186-5) (A5889) | PCT | PCT | Signature generation and verification | SHA-256 | Key pair generation is sucessful | Key pair generation | ||
| KTS-IFC (A5868) | KTS-IFC (A5868) | KAT | CAST | Key encapsulation and un- encapsulation | OAEP with 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| KTS-IFC (A5876) | KTS-IFC (A5876) | KAT | CAST | Key encapsulation and un- encapsulation | OAEP with 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| KTS-IFC (A5877) | KTS-IFC (A5877) | KAT | CAST | Key encapsulation and un- encapsulation | OAEP with 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| KTS-IFC (A5878) | KTS-IFC (A5878) | KAT | CAST | Key encapsulation and un- encapsulation | OAEP with 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| KTS-IFC (A5879) | KTS-IFC (A5879) | KAT | CAST | Key encapsulation and un- encapsulation | OAEP with 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| KTS-IFC (A5883) | KTS-IFC (A5883) | KAT | CAST | Key encapsulation and un- encapsulation | OAEP with 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| KTS-IFC (A5889) | KTS-IFC (A5889) | KAT | CAST | Key encapsulation and un- encapsulation | OAEP with 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC-SHA2- 256 (A5868) | HMAC-SHA2- 256 (A5868) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| HMAC-SHA2- 256 (A5864) | HMAC-SHA2- 256 (A5864) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| HMAC-SHA2- 256 (A5876) | HMAC-SHA2- 256 (A5876) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| HMAC-SHA2- 256 (A5877) | HMAC-SHA2- 256 (A5877) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| HMAC-SHA2- 256 (A5878) | HMAC-SHA2- 256 (A5878) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| HMAC-SHA2- 256 (A5879) | HMAC-SHA2- 256 (A5879) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| HMAC-SHA2- 256 (A5883) | HMAC-SHA2- 256 (A5883) | Message authentication | SW/FW Integrity | On demand | Manually |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module HMACSHA2-256 Table 22: Pre-Operational Self-Tests The pre-operational software integrity tests are performed automatically when the module is initialized, before the module transitions into the operational state. While the module is executing the self-tests, services are not available, and data output (via the data output interface) is inhibited until the tests are successfully completed. The module transitions to the operational state only after the pre-operational self-tests are passed successfully. Prior the first use, a CAST is executed for the algorithms used in the Pre-operational SelfTests.
© 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module HMACSHA2-256 HMACSHA2-256 HMACSHA2-256 © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 P-256, P384, and P521 KDF SP800108 SP80056Cr2 SP80056Cr2 © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module SP80056Cr2 © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Passwordbased Key Passwordbased Key Passwordbased Key Passwordbased Key Passwordbased Key Passwordbased Key © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Passwordbased Key Passwordbased Key Passwordbased Key © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module KAS-FFCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 KAS-ECCSSC Sp80056Ar3 © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module N/A 5.6.2.1.4 © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module and unencapsulation and unencapsulation and unencapsulation and unencapsulation © 2025 SUSE, LLC/atsec information security corporation.
| Name | Algorithm Or Test | Test Method | Test Type | Period | Periodic Method | Details | Indicator | Conditions | |
|---|---|---|---|---|---|---|---|---|---|
| KTS-IFC (A5879) | KTS-IFC (A5879) | KAT | CAST | Key encapsulation and un- encapsulation | OAEP with 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| KTS-IFC (A5883) | KTS-IFC (A5883) | KAT | CAST | Key encapsulation and un- encapsulation | OAEP with 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| KTS-IFC (A5889) | KTS-IFC (A5889) | KAT | CAST | Key encapsulation and un- encapsulation | OAEP with 2048-bit key | Module becomes operational | Test runs at power-on before the integrity test | ||
| HMAC-SHA2- 256 (A5868) | HMAC-SHA2- 256 (A5868) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| HMAC-SHA2- 256 (A5864) | HMAC-SHA2- 256 (A5864) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| HMAC-SHA2- 256 (A5876) | HMAC-SHA2- 256 (A5876) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| HMAC-SHA2- 256 (A5877) | HMAC-SHA2- 256 (A5877) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| HMAC-SHA2- 256 (A5878) | HMAC-SHA2- 256 (A5878) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| HMAC-SHA2- 256 (A5879) | HMAC-SHA2- 256 (A5879) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| HMAC-SHA2- 256 (A5883) | HMAC-SHA2- 256 (A5883) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| HMAC-SHA2- 256 (A5889) | HMAC-SHA2- 256 (A5889) | Message authentication | SW/FW Integrity | On demand | Manually | ||||
| SHA-1 (A5868) | SHA-1 (A5868) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A5876) | SHA-1 (A5876) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A5877) | SHA-1 (A5877) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A5878) | SHA-1 (A5878) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A5879) | SHA-1 (A5879) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A5883) | SHA-1 (A5883) | KAT | CAST | On Demand | Manually | ||||
| SHA-1 (A5889) | SHA-1 (A5889) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A5868) | SHA2-512 (A5868) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A5876) | SHA2-512 (A5876) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A5877) | SHA2-512 (A5877) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A5878) | SHA2-512 (A5878) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A5879) | SHA2-512 (A5879) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A5883) | SHA2-512 (A5883) | KAT | CAST | On Demand | Manually | ||||
| SHA2-512 (A5889) | SHA2-512 (A5889) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 256 (A5864) | HMAC-SHA2- 256 (A5864) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 256 (A5868) | HMAC-SHA2- 256 (A5868) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 256 (A5876) | HMAC-SHA2- 256 (A5876) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 256 (A5877) | HMAC-SHA2- 256 (A5877) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 256 (A5878) | HMAC-SHA2- 256 (A5878) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 256 (A5879) | HMAC-SHA2- 256 (A5879) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 256 (A5883) | HMAC-SHA2- 256 (A5883) | KAT | CAST | On Demand | Manually | ||||
| HMAC-SHA2- 256 (A5889) | HMAC-SHA2- 256 (A5889) | KAT | CAST | On demand | Manually | ||||
| SHA3-256 (A5869) | SHA3-256 (A5869) | KAT | CAST | On Demand | Manually | ||||
| SHA3-256 (A5885) | SHA3-256 (A5885) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A5870) | AES-GCM (A5870) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A5871) | AES-GCM (A5871) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A5872) | AES-GCM (A5872) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A5873) | AES-GCM (A5873) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A5874) | AES-GCM (A5874) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A5875) | AES-GCM (A5875) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A5880) | AES-GCM (A5880) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A5881) | AES-GCM (A5881) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A5882) | AES-GCM (A5882) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A5886) | AES-GCM (A5886) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A5887) | AES-GCM (A5887) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A5888) | AES-GCM (A5888) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A5903) | AES-GCM (A5903) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A5904) | AES-GCM (A5904) | KAT | CAST | On Demand | Manually | ||||
| AES-GCM (A5905) | AES-GCM (A5905) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A5398) | AES-ECB (A5398) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A5399) | AES-ECB (A5399) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A5400) | AES-ECB (A5400) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A5401) | AES-ECB (A5401) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A5402) | AES-ECB (A5402) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A5403) | AES-ECB (A5403) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A5658) | AES-ECB (A5658) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A5884) | AES-ECB (A5884) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A5893) | AES-ECB (A5893) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A5894) | AES-ECB (A5894) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A5895) | AES-ECB (A5895) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A5896) | AES-ECB (A5896) | KAT | CAST | On Demand | Manually | ||||
| AES-ECB (A5900) | AES-ECB (A5900) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A5868) | RSA SigGen (FIPS186-5) (A5868) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A5869) | RSA SigGen (FIPS186-5) (A5869) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A5876) | RSA SigGen (FIPS186-5) (A5876) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A5877) | RSA SigGen (FIPS186-5) (A5877) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A5878) | RSA SigGen (FIPS186-5) (A5878) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A5879) | RSA SigGen (FIPS186-5) (A5879) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A5883) | RSA SigGen (FIPS186-5) (A5883) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A5885) | RSA SigGen (FIPS186-5) (A5885) | KAT | CAST | On Demand | Manually | ||||
| RSA SigGen (FIPS186-5) (A5889) | RSA SigGen (FIPS186-5) (A5889) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A5868) | RSA SigVer (FIPS186-5) (A5868) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A5869) | RSA SigVer (FIPS186-5) (A5869) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A5876) | RSA SigVer (FIPS186-5) (A5876) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A5877) | RSA SigVer (FIPS186-5) (A5877) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A5878) | RSA SigVer (FIPS186-5) (A5878) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A5879) | RSA SigVer (FIPS186-5) (A5879) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A5883) | RSA SigVer (FIPS186-5) (A5883) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A5885) | RSA SigVer (FIPS186-5) (A5885) | KAT | CAST | On Demand | Manually | ||||
| RSA SigVer (FIPS186-5) (A5889) | RSA SigVer (FIPS186-5) (A5889) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A5868) | ECDSA SigGen (FIPS186-5) (A5868) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A5869) | ECDSA SigGen (FIPS186-5) (A5869) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A5876) | ECDSA SigGen (FIPS186-5) (A5876) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A5877) | ECDSA SigGen (FIPS186-5) (A5877) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A5878) | ECDSA SigGen (FIPS186-5) (A5878) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A5879) | ECDSA SigGen (FIPS186-5) (A5879) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A5883) | ECDSA SigGen (FIPS186-5) (A5883) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A5885) | ECDSA SigGen (FIPS186-5) (A5885) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigGen (FIPS186-5) (A5889) | ECDSA SigGen (FIPS186-5) (A5889) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A5868) | ECDSA SigVer (FIPS186-5) (A5868) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A5869) | ECDSA SigVer (FIPS186-5) (A5869) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A5876) | ECDSA SigVer (FIPS186-5) (A5876) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A5877) | ECDSA SigVer (FIPS186-5) (A5877) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A5878) | ECDSA SigVer (FIPS186-5) (A5878) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A5879) | ECDSA SigVer (FIPS186-5) (A5879) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A5883) | ECDSA SigVer (FIPS186-5) (A5883) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A5885) | ECDSA SigVer (FIPS186-5) (A5885) | KAT | CAST | On Demand | Manually | ||||
| ECDSA SigVer (FIPS186-5) (A5889) | ECDSA SigVer (FIPS186-5) (A5889) | KAT | CAST | On Demand | Manually | ||||
| KDF SP800-108 (A5899) | KDF SP800-108 (A5899) | KAT | CAST | On Demand | Manually | ||||
| KDA OneStep SP800-56Cr2 (A5897) | KDA OneStep SP800-56Cr2 (A5897) | KAT | CAST | On Demand | Manually | ||||
| KDA TwoStep SP800-56Cr2 (A5897) | KDA TwoStep SP800-56Cr2 (A5897) | KAT | CAST | On Demand | Manually | ||||
| KDA HKDF SP800-56Cr2 (A5863) | KDA HKDF SP800-56Cr2 (A5863) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.42 (A5868) | KDF ANS 9.42 (A5868) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.42 (A5869) | KDF ANS 9.42 (A5869) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.42 (A5876) | KDF ANS 9.42 (A5876) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.42 (A5877) | KDF ANS 9.42 (A5877) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.42 (A5878) | KDF ANS 9.42 (A5878) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.42 (A5879) | KDF ANS 9.42 (A5879) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.42 (A5883) | KDF ANS 9.42 (A5883) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.42 (A5885) | KDF ANS 9.42 (A5885) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.42 (A5889) | KDF ANS 9.42 (A5889) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.63 (A5868) | KDF ANS 9.63 (A5868) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.63 (A5869) | KDF ANS 9.63 (A5869) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.63 (A5876) | KDF ANS 9.63 (A5876) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.63 (A5877) | KDF ANS 9.63 (A5877) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.63 (A5878) | KDF ANS 9.63 (A5878) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.63 (A5879) | KDF ANS 9.63 (A5879) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.63 (A5883) | KDF ANS 9.63 (A5883) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.63 (A5885) | KDF ANS 9.63 (A5885) | KAT | CAST | On Demand | Manually | ||||
| KDF ANS 9.63 (A5889) | KDF ANS 9.63 (A5889) | KAT | CAST | On Demand | Manually | ||||
| KDF SSH (A5884) | KDF SSH (A5884) | KAT | CAST | On Demand | Manually | ||||
| KDF SSH (A5893) | KDF SSH (A5893) | KAT | CAST | On Demand | Manually | ||||
| KDF SSH (A5894) | KDF SSH (A5894) | KAT | CAST | On Demand | Manually | ||||
| KDF SSH (A5895) | KDF SSH (A5895) | KAT | CAST | On Demand | Manually | ||||
| KDF SSH (A5896) | KDF SSH (A5896) | KAT | CAST | On Demand | Manually | ||||
| KDF SSH (A5900) | KDF SSH (A5900) | KAT | CAST | On Demand | Manually | ||||
| TLS v1.2 KDF RFC7627 (A5868) | TLS v1.2 KDF RFC7627 (A5868) | KAT | CAST | On Demand | Manually | ||||
| TLS v1.2 KDF RFC7627 (A5876) | TLS v1.2 KDF RFC7627 (A5876) | KAT | CAST | On Demand | Manually | ||||
| TLS v1.2 KDF RFC7627 (A5877) | TLS v1.2 KDF RFC7627 (A5877) | KAT | CAST | On Demand | Manually | ||||
| TLS v1.2 KDF RFC7627 (A5878) | TLS v1.2 KDF RFC7627 (A5878) | KAT | CAST | On Demand | Manually | ||||
| TLS v1.2 KDF RFC7627 (A5879) | TLS v1.2 KDF RFC7627 (A5879) | KAT | CAST | On Demand | Manually | ||||
| TLS v1.2 KDF RFC7627 (A5883) | TLS v1.2 KDF RFC7627 (A5883) | KAT | CAST | On Demand | Manually | ||||
| TLS v1.2 KDF RFC7627 (A5889) | TLS v1.2 KDF RFC7627 (A5889) | KAT | CAST | On Demand | Manually | ||||
| TLS v1.3 KDF (A5863) | TLS v1.3 KDF (A5863) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A5868) | PBKDF (A5868) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A5869) | PBKDF (A5869) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A5876) | PBKDF (A5876) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A5877) | PBKDF (A5877) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A5878) | PBKDF (A5878) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A5879) | PBKDF (A5879) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A5883) | PBKDF (A5883) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A5885) | PBKDF (A5885) | KAT | CAST | On Demand | Manually | ||||
| PBKDF (A5889) | PBKDF (A5889) | KAT | CAST | On Demand | Manually | ||||
| Counter DRBG (A5397) | Counter DRBG (A5397) | KAT | CAST | On Demand | Manually | ||||
| Hash DRBG (A5397) | Hash DRBG (A5397) | KAT | CAST | On Demand | Manually | ||||
| HMAC DRBG (A5397) | HMAC DRBG (A5397) | KAT | CAST | On Demand | Manually | ||||
| KAS-FFC-SSC Sp800-56Ar3 (A5898) | KAS-FFC-SSC Sp800-56Ar3 (A5898) | KAT | CAST | On Demand | Manually | ||||
| KAS-ECC-SSC Sp800-56Ar3 (A5868) | KAS-ECC-SSC Sp800-56Ar3 (A5868) | KAT | CAST | On Demand | Manually | ||||
| KAS-ECC-SSC Sp800-56Ar3 (A5876) | KAS-ECC-SSC Sp800-56Ar3 (A5876) | KAT | CAST | On Demand | Manually | ||||
| KAS-ECC-SSC Sp800-56Ar3 (A5877) | KAS-ECC-SSC Sp800-56Ar3 (A5877) | KAT | CAST | On Demand | Manually | ||||
| KAS-ECC-SSC Sp800-56Ar3 (A5878) | KAS-ECC-SSC Sp800-56Ar3 (A5878) | KAT | CAST | On Demand | Manually | ||||
| KAS-ECC-SSC Sp800-56Ar3 (A5879) | KAS-ECC-SSC Sp800-56Ar3 (A5879) | KAT | CAST | On Demand | Manually | ||||
| KAS-ECC-SSC Sp800-56Ar3 (A5883) | KAS-ECC-SSC Sp800-56Ar3 (A5883) | KAT | CAST | On Demand | Manually | ||||
| KAS-ECC-SSC Sp800-56Ar3 (A5889) | KAS-ECC-SSC Sp800-56Ar3 (A5889) | KAT | CAST | On Demand | Manually | ||||
| Safe Primes Key Generation (A5898) | Safe Primes Key Generation (A5898) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-5) (A5868) | RSA KeyGen (FIPS186-5) (A5868) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-5) (A5876) | RSA KeyGen (FIPS186-5) (A5876) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-5) (A5877) | RSA KeyGen (FIPS186-5) (A5877) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-5) (A5878) | RSA KeyGen (FIPS186-5) (A5878) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-5) (A5879) | RSA KeyGen (FIPS186-5) (A5879) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-5) (A5883) | RSA KeyGen (FIPS186-5) (A5883) | PCT | PCT | On Demand | Manually | ||||
| RSA KeyGen (FIPS186-5) (A5889) | RSA KeyGen (FIPS186-5) (A5889) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A5868) | ECDSA KeyGen (FIPS186-5) (A5868) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A5876) | ECDSA KeyGen (FIPS186-5) (A5876) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A5877) | ECDSA KeyGen (FIPS186-5) (A5877) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A5878) | ECDSA KeyGen (FIPS186-5) (A5878) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A5879) | ECDSA KeyGen (FIPS186-5) (A5879) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A5883) | ECDSA KeyGen (FIPS186-5) (A5883) | PCT | PCT | On Demand | Manually | ||||
| ECDSA KeyGen (FIPS186-5) (A5889) | ECDSA KeyGen (FIPS186-5) (A5889) | PCT | PCT | On Demand | Manually | ||||
| KTS-IFC (A5868) | KTS-IFC (A5868) | KAT | CAST | On demand | Manually | ||||
| KTS-IFC (A5876) | KTS-IFC (A5876) | KAT | CAST | On demand | Manually | ||||
| KTS-IFC (A5877) | KTS-IFC (A5877) | KAT | CAST | On demand | Manually | ||||
| KTS-IFC (A5878) | KTS-IFC (A5878) | KAT | CAST | On demand | Manually | ||||
| KTS-IFC (A5879) | KTS-IFC (A5879) | KAT | CAST | On demand | Manually | ||||
| KTS-IFC (A5883) | KTS-IFC (A5883) | KAT | CAST | On demand | Manually | ||||
| KTS-IFC (A5889) | KTS-IFC (A5889) | KAT | CAST | On demand | Manually |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module and unencapsulation and unencapsulation and unencapsulation Table 23: Conditional Self-Tests Data output through the data output interface is inhibited during the conditional self-tests. The module does not return control to the calling application until the tests are completed. If any of these tests fails, the module transitions to the error state (Section 10.4 Error States).
© 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Table 24: Pre-Operational Periodic Information © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module © 2025 SUSE, LLC/atsec information security corporation.
| Name | Description | Role Access | Indicator | |
|---|---|---|---|---|
| Error | If the module fails any of the self- tests, the module enters the error state. In the error state, the module immediately stops functioning and ends the application process | Software integrity test failure CAST failure | OSSL_PROV_PARAM_STATUS is set to 0. Module will not load. | Module reinitialization |
| PCT Error | Pairwise consistency test failure | PCT failure | Module is aborted | Module reinitialization |
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Table 25: Conditional Periodic Information
© 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Table 26: Error States If the module fails any of the self-tests, the module enters the error state. In the error state, the module immediately stops functioning and ends the application process. Consequently, the data output interface is inhibited, and the module no longer accepts inputs or requests (as the module is no longer running).
Both conditional and pre-operational self-tests can be executed on-demand by unloading and subsequently re-initializing the module, or by calling the OSSL_PROVIDER_self_test function. The pair-wise consistency tests can be invoked on demand by requesting the key pair generation service. © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
The module is distributed as a part of the SUSE Linux Enterprise 15 SP6 OpenSSL package in the form of the libopenssl-3-fips-provider-3.1.4-150600.5.15.1 RPM package. Before the libopenssl-3-fips-provider-3.1.4-150600.5.15.1 RPM package is installed, the SUSE Linux Enterprise 15 SP6 system must operate in the FIPS validated configuration. To do so the following steps shall be performed with the root privilege:
After the libopenssl-3-fips-provider-3.1.4-150600.5.15.1 RPM package is installed, the Crypto Officer must execute the openssl list --providers command. This command should display the base/default and FIPS providers as follows: Providers base © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module default fips name: OpenSSL Base Provider version: 3.1.4 status: active name: OpenSSL Default Provider version: 3.1.4 status: active name: SUSE Linux Enterprise - OpenSSL FIPS Provider version: 3.1.4 SUSE release 150600.5.15.1 status: active The cryptographic boundary consists only of the FIPS provider as listed. If any other OpenSSL or third-party provider is invoked, the user is not interacting with the module specified in this Security Policy.
There is no Non-Administrator Guidance.
As the module does not persistently store SSPs, secure sanitization of the module consists of unloading the module. This will zeroize all SSPs in volatile memory. Then, if desired, the libopenssl-3-fips-provider-3.1.4-150600.5.15.1 RPM package can be uninstalled from the SUSE Linux Enterprise 15 SP6 system. © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module
Certain cryptographic subroutines and algorithms are vulnerable to timing analysis. The module claims mitigation of timing-based side-channel attacks implementing two methods, Constant-time Implementations and Numeric Blinding:
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Appendix A. Glossary and Abbreviations AES Advanced Encryption Standard API Application Programming Interface CAST Cryptographic Algorithm Self-Test CAVP Cryptographic Algorithm Validation Program CBC Cipher Block Chaining CCM Counter with Cipher Block Chaining-Message Authentication Code CFB Cipher Feedback CKG Cryptographic Key Generation CMAC Cipher-based Message Authentication Code CMVP Cryptographic Module Validation Program CSP Critical Security Parameter CTR Counter DH Diffie-Hellman DRBG Deterministic Random Bit Generator ECB Electronic Code Book ECC Elliptic Curve Cryptography ECDH Elliptic Curve Diffie-Hellman ECDSA Elliptic Curve Digital Signature Algorithm EVP Envelope FFC Finite Field Cryptography FIPS Federal Information Processing Standards GCM Galois Counter Mode GMAC Galois Counter Mode Message Authentication Code HKDF HMAC-based Key Derivation Function HMAC Keyed-Hash Message Authentication Code IKE Internet Key Exchange KAS Key Agreement Scheme KAT Known Answer Test KBKDF Key-based Key Derivation Function KW Key Wrap KWP Key Wrap with Padding MAC Message Authentication Code NIST National Institute of Science and Technology OFB Output Feedback PAA Processor Algorithm Acceleration PCT Pair-wise Consistency Test PBKDF2 Password-based Key Derivation Function v2 PSS Probabilistic Signature Scheme RSA Rivest, Shamir, Adleman © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module SHA Secure Hash Algorithm SSC Shared Secret Computation SSH Secure Shell SSP Sensitive Security Parameter TLS Transport Layer Security XOF Extendable Output Function XTS XEX-based Tweaked-codebook mode with cipher text Stealing © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module Appendix B. References ANS X9.42-2001 Public Key Cryptography for the Financial Services Industry: Agreement of Symmetric Keys Using Discrete Logarithm Cryptography 2001 https://webstore.ansi.org/standards/ascx9/ansix9422001 ANS X9.63-2001 Public Key Cryptography for the Financial Services Industry, Key Agreement and Key Transport Using Elliptic Curve Cryptography 2001 https://webstore.ansi.org/standards/ascx9/ansix9632001 FIPS 140-3 FIPS PUB 140-3 - Security Requirements for Cryptographic Modules March 2019 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf FIPS 140-3 IG Implementation Guidance for FIPS PUB 140-3 and the Cryptographic Module Validation Program
https://csrc.nist.gov/csrc/media/Projects/cryptographic-modulevalidation-program/documents/fips%20140-3/FIPS%201403%20IG.pdf FIPS 180-4 Secure Hash Standard (SHS) August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.180-4.pdf FIPS 186-2 Digital Signature Standard (DSS) January 2000 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf FIPS 186-4 Digital Signature Standard (DSS) July 2013 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module FIPS 186-5 Digital Signature Standard (DSS) February 2023 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-5.pdf FIPS 197 Advanced Encryption Standard November 2001 https://csrc.nist.gov/publications/fips/fips197/fips-197.pdf FIPS 198-1 The Keyed Hash Message Authentication Code (HMAC) July 2008 https://csrc.nist.gov/publications/fips/fips198-1/FIPS-198-1_final.pdf FIPS 202 SHA-3 Standard: Permutation-Based Hash and ExtendableOutput Functions August 2015 https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf RFC 3526 More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE) May 2003 https://www.ietf.org/rfc/rfc3526.txt RFC 5288 AES Galois Counter Mode (GCM) Cipher Suites for TLS August 2008 https://www.ietf.org/rfc/rfc5288.txt RFC 7919 Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS) August 2016 https://www.ietf.org/rfc/rfc7919.txt RFC 8446 The Transport Layer Security (TLS) Protocol Version 1.3 August 2018 https://www.ietf.org/rfc/rfc8446.txt SP 800-140B Rev. 1 NIST Special Publication 800-140B - CMVP Security Policy Requirements October 2024 https://csrc.nist.gov/projects/cmvp/sp800-140b © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module SP 800-38A Recommendation for Block Cipher Modes of Operation Methods and Techniques December 2001 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8 00-38a.pdf SP 800-38A Addendum Recommendation for Block Cipher Modes of Operation: Three Variants of Ciphertext Stealing for CBC Mode October 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8 00-38a-add.pdf SP 800-38B Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication May 2005 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80038b.pdf SP 800-38C Recommendation for Block Cipher Modes of Operation: the CCM Mode for Authentication and Confidentiality July 2007 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8 00-38c.pdf SP 800-38D Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC November 2007 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8 00-38d.pdf SP 800-38E Recommendation for Block Cipher Modes of Operation: The XTS AES Mode for Confidentiality on Storage Devices January 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8 00-38e.pdf SP 800-38F Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping December 2012 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80038F.pdf © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module SP 800-52 Rev. 2 Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations August 2019 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80052r2.pdf SP 800-56A Rev. 3 Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography April 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80056Ar3.pdf SP 800-56C Rev. 2 Recommendation for Key-Derivation Methods in KeyEstablishment Schemes August 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80056Cr2.pdf SP 800-90A Rev. 1 Recommendation for Random Number Generation Using Deterministic Random Bit Generators June 2015 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80090Ar1.pdf SP 800-90B Recommendation for the Entropy Sources Used for Random Bit Generation January 2018 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.80090B.pdf SP 800-108 Rev. 1 NIST Special Publication 800-108r1 - Recommendation for Key Derivation Using Pseudorandom Functions August 2022 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800108r1-upd1.pdf SP 800-132 Recommendation for Password-Based Key Derivation - Part 1: Storage Applications December 2010 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8 00-132.pdf © 2025 SUSE, LLC/atsec information security corporation.
SUSE Linux Enterprise OpenSSL 3 Cryptographic Module SP 800-133 Rev. 2 Recommendation for Cryptographic Key Generation June 2020 https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800133r2.pdf SP 800-135 Rev. 1 Recommendation for Existing Application-Specific Key Derivation Functions December 2011 https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication8 00-135r1.pdf © 2025 SUSE, LLC/atsec information security corporation.