Module Name

Red Hat Enterprise Linux 6.6 OpenSSL Module, Red Hat Enterprise Linux 7.1 OpenSSL Module

Standard

FIPS 140-2

Status

Active

Sunset Date

12/20/2021

Validation Dates

09/08/2015;01/27/2016;02/16/2016;12/21/2016

Overall Level

1

Caveat

When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy

Security Level Exceptions

• Physical Security: N/A

Module Type

Software

Embodiment

Multi-chip standalone

Description

The OpenSSL FIPS Runtime Module is a general purpose cryptographic library designed to provide FIPS 140-2 validated cryptographic functionality for use with the high level API of the OpenSSL library.

Tested Configuration(s)

• Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 with PAA
• Red Hat Enterprise Linux 6.6 running on HP ProLiant DL380p Gen8 without PAA
• Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 with PAA
• Red Hat Enterprise Linux 6.6 running on IBM System x3500 M4 without PAA
• Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380 Gen8 with PAA
• Red Hat Enterprise Linux 7.1 running on HP ProLiant DL380 Gen8 without PAA
• Red Hat Enterprise Linux 7.1 running on IBM POWER8 Little Endian 8286-41A
• Red Hat Enterprise Linux 7.1 running on IBM z13 with CP Assist for Cryptographic Functions (single-user mode)

FIPS Algorithms

AES	Certs. #3104, #3105, #3106, #3107, #3108, #3109, #3110, #3111, #3112, #3113, #3114, #3119, #3634, #3635, #3636, #3637, #3638, #3639, #3640, #3641, #3642, #3651 and #3696
CVL	Certs. #374, #375, #376, #377, #380, #381, #654, #655, #656, #657, #658, #661 and #662
DRBG	Certs. #610, #611, #612, #613, #614, #615, #616, #617, #618, #619, #620, #621, #622, #623, #624, #625, #626, #629, #630, #631, #957, #958, #959, #960, #961, #962, #963, #964, #965, #966, #967, #968, #969, #970, #971, #982 and #1003
DSA	Certs. #897, #898, #899, #903, #1013, #1014, #1015, #1016, #1023 and #1038
ECDSA	Certs. #560, #561, #562, #564, #755, #756, #757, #759 and #775
HMAC	Certs. #1931, #1944, #1945, #1946, #1947, #1948, #1949, #1950, #1951, #1955, #1956, #1958, #2385, #2386, #2388, #2389, #2390, #2391, #2392, #2393, #2394, #2401 and #2427
RSA	Certs. #1583, #1584, #1586, #1590, #1875, #1876, #1877, #1878, #1886 and #1902
SHS	Certs. #2547, #2563, #2564, #2565, #2566, #2567, #2568, #2569, #2570, #2574, #2575, #2577, #3052, #3053, #3054, #3055, #3056, #3057, #3058, #3059, #3060, #3061, #3069 and #3095
Triple-DES	Certs. #1784, #1785, #1786, #1790, #2027, #2028, #2029, #2044 and #2059

Other Algorithms

RSA (key wrapping; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (CVL Certs. #655, #657 and #661, key agreement; key establishment methodology provides 112 or 128 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #655, #657 and #661, key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD5; RNG; Camellia; CAST; DES; IDEA; J-PAKE; MD2; MD4; MDC2; RC2; RC4; RC5; RIPEMD; Whirlpool

Software Versions

3.0, 4.0