Module Name

Ubuntu OpenSSL Cryptographic Module

Standard

FIPS 140-2

Status

Active

Sunset Date

4/23/2022

Validation Dates

04/24/2017;06/06/2017;02/27/2020

Overall Level

1

Caveat

When operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy

Security Level Exceptions

• Physical Security: N/A

Module Type

Software

Embodiment

Multi-Chip Stand Alone

Description

OpenSSL is an open-source library of various cryptographic algorithms written mainly in C.

Tested Configuration(s)

• Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C with PAA
• Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8001-22C without PAA
• Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L with PAA
• Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8247-22L without PAA
• Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB with PAA
• Ubuntu 16.04 LTS 64-bit Little Endian running on IBM Power System 8335-GTB without PAA
• Ubuntu 16.04 LTS 64-bit running on IBM z13 with PAI
• Ubuntu 16.04 LTS 64-bit running on IBM z13 without PAI
• Ubuntu 16.04 LTS 64-bit running on Supermicro A1SAi with PAA
• Ubuntu 16.04 LTS 64-bit running on Supermicro A1SAi without PAA
• Ubuntu 16.04 LTS 64-bit running on Supermicro SMX11SPL-F with PAA
• Ubuntu 16.04 LTS 64-bit running on Supermicro SMX11SPL-F without PAA (single-user mode)
• Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR with PAA
• Ubuntu 16.04 LTS 64-bit running on Supermicro SYS-5018R-WR without PAA

FIPS Algorithms

AES	Certs. #4354, #4355, #4356, #4357, #4358, #4359, #4360, #4361, #4370, #4371, #4372, #4373, #4374, #4375, #C1499, #C1500, #C1501, #C1502, #C1503, #C1504, #C1505, #C1509, #C1510, #C1513, #C1514, #C1516, #C1518, #C1519, #C1520, #C1521, #C1522 and #C1524
CVL	Certs. #1055, #1058, #1061, #1064, #1066, #1068, #1070, #C1508, #C1511, #C1512, #C1523, #C1525 and #C1526
DRBG	Certs. #1390, #1391, #1392, #1393, #1394, #1395, #1396, #1397, #C1503, #C1508, #C1511, #C1512, #C1520, #C1523, #C1525 and #C1526
DSA	Certs. #1156, #1157, #1158, #1159, #1160, #1161, #1162, #C1508, #C1511, #C1512, #C1523, #C1525 and #C1526
ECDSA	Certs. #1031, #1032, #1033, #1034, #1035, #1036, #1037, #C1508, #C1511, #C1512, #C1523, #C1525 and #C1526
HMAC	Certs. #2895, #2896, #2897, #2898, #2899, #2900, #2901, #C1508, #C1511, #C1512, #C1523, #C1525 and #C1526
KTS	AES Certs. #4354, #4357, #4358, #4360, #C1503 and #C1520; key establishment methodology provides between 128 and 256 bits of encryption strength
RSA	Certs. #2351, #2352, #2353, #2354, #2355, #2356, #2357, #C1508, #C1511, #C1512, #C1523, #C1525 and #C1526
SHS	Certs. #3593, #3594, #3595, #3596, #3597, #3598, #3599, #C1508, #C1511, #C1512, #C1523, #C1525 and #C1526
Triple-DES	Certs. #2355, #2356, #2357, #C1517 and #C1527

Other Algorithms

Diffie-Hellman (CVL Certs. #1053, #1056, #1059, #1062, #1065, #1067, #1069, #C1508, #C1511, #C1512, #C1523, #C1525 and #C1526; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); EC Diffie-Hellman (CVL Certs. #1053, #1054, #1056, #1057, #1059, #1060, #1063, #1065, #1067, #1068, #1069, #C1508, #C1511, #C1512, #C1523, #C1525 and #C1526; key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); MD5; NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 256 bits of encryption strength)

Software Versions

1.0