DOCSLIB.ORG

FIPS 140-2 Non-Proprietary Security Policy Oracle Linux Openssl

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
FIPS 140-2 Non-Proprietary Security Policy Oracle Linux Openssl FIPS 140-2 Non-Proprietary Security Policy Oracle Linux OpenSSL Cryptographic Module FIPS 140-2 Level 1 Validation Software Version: R7-3.0.0 and R7-4.0.0 Date: May 11th, 2021 Document Version 2.2 ©Oracle Corporation This document may be reproduced whole and intact including the Copyright notice. Title: Oracle Linux OpenSSL Cryptographic Module Security Policy Date: May 11th, 2021 Author: Oracle Security Evaluations – Global Product Security Contributing Authors: Oracle Linux Engineering Oracle Corporation World Headquarters 500 Oracle Parkway Redwood Shores, CA 94065 U.S.A. Worldwide Inquiries: Phone: +1.650.506.7000 Fax: +1.650.506.7200 oracle.com Copyright © 2021, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. Oracle specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may reproduced or distributed whole and intact including this copyright notice. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Oracle Linux OpenSSL Cryptographic Module Security Policy i TABLE OF CONTENTS Section Title Page 1. Introduction ......................................................................................................................................................................... 1 1.1 Overview ................................................................................................................................................................................ 1 1.2 Document Organization ......................................................................................................................................................... 2 2. Oracle Linux OpenSSL Cryptographic Module....................................................................................................................... 3 2.1 Functional Overview .............................................................................................................................................................. 3 2.2 FIPS 140-2 Validation Scope ................................................................................................................................................... 3 3. Cryptographic Module Specification .................................................................................................................................... 4 3.1 Definition of the Cryptographic Module ................................................................................................................................ 4 3.2 Definition of the Physical Cryptographic Boundary ............................................................................................................... 5 3.3 Approved or Allowed Security Functions ............................................................................................................................... 6 3.4 Non-Approved But Allowed Security Functions ................................................................................................................... 10 Table 3: Non-Approved but Allowed Security Functions .................................................................................................................. 10 3.5 Non-Approved Security Functions ....................................................................................................................................... 10 4. Module Ports and Interfaces ...............................................................................................................................................11 5. Physical Security .................................................................................................................................................................11 6. Operational Environment....................................................................................................................................................12 6.1 Tested Environments ........................................................................................................................................................... 12 6.2 Vendor Affirmed Environments ........................................................................................................................................... 12 6.3 Operational Environment Policy .......................................................................................................................................... 17 7. Roles, Services and Authentication .....................................................................................................................................18 7.1 Roles ..................................................................................................................................................................................... 18 7.2 FIPS Approved Operator Services and Descriptions ............................................................................................................ 18 7.3 Non-FIPS Approved Services and Descriptions .................................................................................................................... 19 7.4 Operator Authentication ...................................................................................................................................................... 20 8. Key and CSP Management ..................................................................................................................................................21 8.1 Random Number Generation ............................................................................................................................................... 21 8.2 Key Generation .................................................................................................................................................................... 22 8.3 Key/CSP Storage ................................................................................................................................................................... 22 8.4 Key/CSP Zeroization ............................................................................................................................................................. 22 8.5 Key Establishment ................................................................................................................................................................ 22 9. Self-Tests ............................................................................................................................................................................23 9.1 Power-Up Self-Tests ............................................................................................................................................................. 23 9.2 Conditional Self-Tests .......................................................................................................................................................... 24 9.3 On-Demand self-tests .......................................................................................................................................................... 24 10. Crypto-Officer and User Guidance .......................................................................................................................................25 10.1 Crypto-Officer Guidance ...................................................................................................................................................... 25 10.2 User Guidance ...................................................................................................................................................................... 27 10.2.1 TLS and Diffie-Hellman ......................................................................................................................................................... 27 10.2.2 Random Number Generator ................................................................................................................................................ 27 10.2.3 AES GCM IV .......................................................................................................................................................................... 27 10.2.4 AES-XTS Guidance ................................................................................................................................................................ 28 10.2.5 Triple-DES Keys .................................................................................................................................................................... 28 10.2.6 RSA and DSA Keys ................................................................................................................................................................ 28 10.3 Handling Self-Test Errors ...................................................................................................................................................... 28 11. Mitigation of Other Attacks ................................................................................................................................................29
Load more

Recommended publications
  • NVIDIA's New Ampere Data Center GPU in Full Production
    NVIDIA’s New Ampere Data Center GPU in Full Production New NVIDIA A100 GPU Boosts AI Training and Inference up to 20x; NVIDIA’s First Elastic, Multi- Instance GPU Unifies Data Analytics, Training and Inference; Adopted by World’s Top Cloud Providers and Server Makers GTC 2020 -- NVIDIA today announced that the first GPU based on the NVIDIA® Ampere architecture, the NVIDIA A100, is in full production and shipping to customers worldwide. The A100 draws on design breakthroughs in the NVIDIA Ampere architecture — offering the company’s largest leap in performance to date within its eight generations of GPUs — to unify AI training and inference and boost performance by up to 20x over its predecessors. A universal workload accelerator, the A100 is also built for data analytics, scientific computing and cloud graphics. “The powerful trends of cloud computing and AI are driving a tectonic shift in data center designs so that what was once a sea of CPU-only servers is now GPU-accelerated computing,” said Jensen Huang, founder and CEO of NVIDIA. “NVIDIA A100 GPU is a 20x AI performance leap and an end-to-end machine learning accelerator — from data analytics to training to inference. For the first time, scale-up and scale-out workloads can be accelerated on one platform. NVIDIA A100 will simultaneously boost throughput and drive down the cost of data centers.” New elastic computing technologies built into A100 make it possible to bring right-sized computing power to every job. A multi-instance GPU capability allows each A100 GPU to be partitioned into as many as seven independent instances for inferencing tasks, while third-generation NVIDIA NVLink® interconnect technology allows multiple A100 GPUs to operate as one giant GPU for ever larger training tasks.
    [Show full text]
  • Oracle Linux Unbreakable Enterprise Kernel (UEK 5) Cryptographic Module
    FIPS 140-2 Non-Proprietary Security Policy Oracle Linux Unbreakable Enterprise Kernel (UEK 5) Cryptographic Module FIPS 140-2 Level 1 Validation Software Version: R7-5.0.0 Date: March 4th, 2021 Document Version 2.2 ©Oracle Corporation This document may be reproduced whole and intact including the Copyright notice. Title: Oracle Linux Unbreakable Enterprise Kernel Cryptographic Module Security Policy Date: March 4th , 2021 Author: Oracle Security Evaluations – Global Product Security Contributing Authors: Oracle Linux Engineering Acumen Security Oracle Corporation World Headquarters 2300 Oracle Way Austin, TX 78741 U.S.A. Worldwide Inquiries: Phone: +1.650.506.7000 Sales: 1-800-672-2531 www.oracle.com Copyright © 2021, Oracle and/or its affiliates. All rights reserved. This document is provided for information purposes only and the contents hereof are subject to change without notice. This document is not warranted to be error-free, nor subject to any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. Oracle specifically disclaim any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. This document may reproduced or distributed whole and intact including this copyright notice. Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners. Oracle Linux Unbreakable Enterprise
    [Show full text]
  • New Report: IT Market in China 2014-2018
    May 11, 2015 03:31 EDT New Report: IT Market in China 2014- 2018 About IT IT is an integrated platform that includes hardware, software, and service solutions. An IT department of an organization is responsible for storing, protecting, processing, transmitting, and retrieving information. The role of the IT section in an organization is to integrate various business processes through hardware, software, and services solutions and smooth the flow of information and processes. IT also helps organizations to align their business processes with various other technologies. It is required to develop a safe and secure cyber environment, maintain a uniform flow of information, and help increase the revenue generation of an organization. Awareness of these benefits is leading several companies in China, the world's second largest economy, to invest heavily in IT. The rapid economic growth in the IT market in China has encouraged many business organizations to invest in the IT sector and contribute toward the development of IT infrastructure in the country. Our analysts forecast the IT market in China will grow at a CAGR of 10.62 percent over the period 2013-2018. Covered in this Report This report covers the present scenario and the growth prospects of the IT market in China for the period 2014-2018. The IT market in China is predominantly categorized into three segments: Hardware, Software, and Services. The report also covers the IT spending across key end-user segments and the market share analysis of the top vendors in the market. This report, IT Market in China 2014-2018, has been prepared based on an in- depth market analysis with inputs from industry experts.
    [Show full text]
  • Worldwide Artificial Intelligence Market Shares, 2018: Steady Growth — Pocs Poised to Enter Full-Blown Production
    Market Share Worldwide Artificial Intelligence Market Shares, 2018: Steady Growth — POCs Poised to Enter Full-Blown Production Ritu Jyoti Peter Rutten Natalya Yezhkova Ali Zaidi THIS IDC MARKET SHARE EXCERPT FEATURES IBM IDC MARKET SHARE FIGURE FIGURE 1 Worldwide Artificial Intelligence 2018 Share Snapshot Note: 2018 Share (%), Revenue ($M), and Growth (%) Source: IDC, 2019 July 2019, IDC #US45334719e IN THIS EXCERPT The content for this excerpt was taken directly from IDC Market Share: Worldwide Artificial Intelligence Market Shares, 2018: Steady Growth — POCs Poised to Enter Full-Blown Production (Doc # US45334719). All or parts of the following sections are included in this excerpt: Executive Summary, Market Share, Who Shaped the Year, Market Context, Appendix and Learn More. Also included is Figure 1, Table 1 and 2. EXECUTIVE SUMMARY The artificial intelligence (AI) market experienced steady growth in 2018, growing 35.6% to $28.1 billion. As per IDC's Artificial Intelligence Global Adoption Trends and Strategies Survey of 2,473 organizations of various sizes across industries worldwide by those that are using artificial intelligence (AI) solutions, either developing them in-house, using COTS, or a combination of both: 18% had AI models in production, 16% were in the proof-of-concept (POC) stage, and 15% were experimenting with AI. While automation, business agility, and customer satisfaction are the primary drivers for AI initiatives, cost of the solution, lack of skilled personnel, and bias in data have held organizations from implementing AI broadly. In the past 12 months, organizations worldwide have used AI in IT operations, customer service and support, finance and accounting, and ecommerce with major redesign to their business processes to maximize the ROI of AI.
    [Show full text]
  • 12028871D1ac490693416e5b73
    Global Research 7 September 2020 China Tech Sector Equities UBS A-share Conference 2020: Tech Company China Takeaways Technology Thompson Wu Analyst [email protected] UBS A-share Conference 2020 from 31 August to 2 September +886-28-722 7338 The UBS A-share Virtual Conference 2020 hosted over 90 corporates and over 550 Jimmy Yu investors during the three-day event. In the technology sector, we hosted a total of 21 Analyst companies including seven covered names and 14 non-rated names. Amongst these, S1460517080002 investors' most requested company meetings were Avary, Glodon, Han's Laser, [email protected] Hikvision, Shengyi, Shennan Circuit and USI. +86-21-3866 8880 Surveillance/Telecom gradually improving; Cloud demand remains solid Wendy Zhang Analyst Hikvision and Dahua's China business is gradually picking up in H220, in particular due S1460520040002 to enterprises' AI-solutions demand; however, overseas remains soft. Despite US Entity [email protected] List restrictions, both were comfortable with the localisation of their supply chains and +86-10-5832 8255 inventory preparations made in the past 12 months. FII was positive on US/China Cloud Zoe Xu companies' capex growth into 2021, plus share gains from its key customers. In Associate Analyst telecom, several companies highlighted a slowdown in 5G-related business due to [email protected] COVID-19 and the Huawei issue, but many expect improving demand in 2021. +852-2971 7724 Kayla Cai Huawei's impact on smartphone supply chain already felt; Apple ramping up Associate While most companies didn't want to comment on the impact of restrictions on [email protected] Huawei, most supply chain companies are more concerned now and it appears they +86-21-3866 8786 have seen a negative impact on procurement demand.
    [Show full text]
  • Oracle for Linuxone and Linux on Z
    Oracle for LinuxONE and Linux on Z Terry Ginther WW Data Serving SME, IBM LinuxONE [email protected] David Simpson Certified Oracle Database Specialist Advanced Technology Group (ATG) [email protected] Trademarks The following are trademarks of the International Business Machines Corporation in the United States and/or other countries. Chiphopper Db2* IBM* IBM Cloud MobileFirst S/390* z13* Cloud Paks GDPS* Ibm.com IBM Z* Power* Watson* z14* Cognos* HiperSockets IBM (logo)* Informix* Power Systems WebSphere* z/VM* * Registered trademarks of IBM Corporation Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. Cell Broadband Engine is a trademark of Sony Computer Entertainment, Inc. in the United States, other countries, or both and is used under license therefrom. IT Infrastructure Library is a Registered Trademark of AXELOS Limited. ITIL is a Registered Trademark of AXELOS Limited. Linear Tape-Open, LTO, the LTO Logo, Ultrium, and the Ultrium logo are trademarks of HP, IBM Corp. and Quantum in the U.S. and other countries. Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a worldwide basis. Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
    [Show full text]
  • Huawei RH2488H V5 VS Servers of HPE, H3C, Lenovo, Dell, Inspur and Sugon
    Huawei RH2488H V5 VS Servers of HPE, H3C, Lenovo, Dell, Inspur and Sugon Server Model Huawei RH2488H V5 Huawei RH2488 v5 HPE Proliant DL360 G10 Lenovo ThinkSystem HPE Proliant DL380 G10 Inspur NF8260 M5 Rack Server ---- Rack Server(2U)--- Server ---- Two-floor SR850 Server(2U) --- Server (2U) --- Single Server(2U) --- Two-floor Single-floor motherboard design Two-floor motherboard floor motherboard Two-floor motherboard design motherboard design design design motherboard design Advantages of Dell 1. Support two 1. Support two 1. Support two 1. Support two dual-width 1. NVDIMM support, low 1. Support two Servers dual-width GPU with dual-width GPU with dual-width GPU with GPU with multiple latency, high IO, data FPGA; multiple models; multiple models; multiple models; models; protection; 2. Maximum support 2. Support two FPGA; 2. Support two FPGA; 2. Support two FPGA; 2. Support two FPGA; 2. Support up to 2 24 x NVMe; 3. Up to support 24 x 3. Support front 3. Maximum support 24 x 3. Maximum support 24 x dual-width GPU or FPGA; 3. 8GB RAID card NVMe; hot-swap NVMe SSD, NVMe; NVMe; 3. Supports up to 24 x cache; 4. 8GB RAID card up to 24 x NVMe; 4. 8GB RAID card cache; 4. Support the application NVMe SSD 4. Max support 24 x cache; 4. 8GB RAID card 5. Max support 24 x 2.5" of 8180 CPU (205W) in 4. Efficient and 2.5" + 2 x 2.5" 5. Max support 24 x cache; + 2 x 2.5" SAP and HAN/A; automated server 2.5" + 2 x 2.5" 5.
    [Show full text]
  • Brocade Fabric OS 9.X Open Systems Compatibility Matrix
    Brocade® Fabric OS® 9.x Open Systems Compatibility Matrix Version 1.3; September 2021 This document summarizes equipment that is known to be compatible with the Brocade® Fabric OS® (FOS) 9.x family. Products that are named in the compatibility tables reflect equipment that has been tested at Broadcom or tested externally. NOTE: This information is constantly being updated. For the latest compatibility information, visit vendor websites, some of which are listed in Related Websites. Broadcom FOS-9X-CM-OT103 September 2021 Brocade® Fabric OS 9.x Open Systems Compatibility Matrix Copyright © 2020–2021 Broadcom. All Rights Reserved. Broadcom, the pulse logo, Brocade, the stylized B logo, and Fabric OS are among the trademarks of Broadcom in the United States, the EU, and/or other countries. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. Broadcom reserves the right to make changes without further notice to any products or data herein to improve reliability, function, or design. Information furnished by Broadcom is believed to be accurate and reliable. However, Broadcom does not assume any liability arising out of the application or use of this information, nor the application or use of any product or circuit described herein, neither does it convey any license under its patent rights nor the rights of others. The product described by this document may contain open source software covered by the GNU General Public License or other open source license agreements. To find out which open source software is included in Brocade products, to view the licensing terms applicable to the open source software, and to obtain a copy of the programming source code, please download the open source disclosure documents in the Broadcom Customer Support Portal (CSP).
    [Show full text]
  • High-Tech Heist: Chinese Government It Vendors and the Threat to Us Banks
    HIGH-TECH HEIST: CHINESE GOVERNMENT IT VENDORS AND THE THREAT TO US BANKS MARCH 2021 ROSLYN LAYTON, PHD TABLE OF CONTENTS Financial Services: An Industry at Risk . 1 Case Study: SolarWinds . 4 Bureaucracy Does Not Protect Banks from Cyber attacks. 5 Mutually Assured Destruction Is Not a Reliable Deterrence Strategy . 6 Information Technology as a Weapon: Systemic Risk of Embedded Components . 9 Proactive Steps for the Financial Industry. 15 Conclusion . 17 Endnotes . 18 KEY TAKEAWAYS 1. Despite dozens of regulatory policies and a multitude of federal and state agencies charged with overseeing security, cyber attacks on the US financial organizations are increasing in frequency and severity. A cyber attack on a bank can devastate its customers and systems, and a cyber attack on the US Treasury—which SolarWinds came dangerously close to achieving—could bring down the country. 2. The People’s Republic of PRC (PRC) is the leading adversary and advanced persistent threat (APT) actor against the United States. It uses cyber attack to conduct theft, espionage, and disruption. The PRC is the only threat actor with a leading information technology (IT) industry which increasingly supplies the IT products and services of US financial organizations. 3. US cyber policy approach which restricts some PRC-owned IT firms but not others is needlessly complex and invites exploitation. Federal policy restricts some purchases from Huawei, Lenovo, Hikvision, and others for security reasons but does not communicate the threats and mitigation in a way that is actionable for banks or end users. Therefore US financial organizations should be proactive to conduct cyber resilience audits, remove elements with vulnerabilities, and adopt NATO’s risk reduction strategy to avoid sourcing IT from authoritarian countries.
    [Show full text]
  • Federal Register/Vol. 85, No. 189/Tuesday, September 29, 2020
    61032 Federal Register / Vol. 85, No. 189 / Tuesday, September 29, 2020 / Notices project remains open, and Advanced Polytechnique Montreal, Montreal, DEPARTMENT OF LABOR Media Workflow Association, Inc. CANADA; Fujitsu Ltd, Kanagawa, intends to file additional written JAPAN; FuriosaAI, Inc., Seoul, SOUTH Office of Disability Employment Policy notifications disclosing all changes in KOREA; University of Toronto, Toronto, membership. CANADA; Indiana University, [Agency Docket Number: DOL–2020–0006] On March 28, 2000, Advanced Media Bloomington, IN; Gigabyte Technology RIN 1230–ZA00 Workflow Association, Inc. filed its Co., LTD., New Taipei, TAIWAN; original notification pursuant to Section Google LLC, Mountain View, CA; Grai Request for Information on Proposed 6(a) of the Act. The Department of Matter Labs, San Jose, CA; Graphcore Transfer of Ticket to Work Program Justice published a notice in the Federal Limited, Bristol, UNITED KINGDOM; From the Social Security Register pursuant to Section 6(b) of the Groq Inc., Mountain View, CA; Administration to the U.S. Department Act on June 29, 2000 (65 FR 40127). Guangdong OPPO Mobile of Labor The last notification was filed with Telecommunications Corp., Ltd, the Department on June 25, 2020. A DongGuan City, PEOPLE’S REPUBLIC AGENCY: Office of Disability notice was published in the Federal OF CHINA; Hewlett Packard Enterprise, Employment Policy, U.S. Department of Register pursuant to Section 6(b) of the Grenoble, FRANCE; Horizon Robotics Labor. Act on July 16, 2020 (85 FR 43261). Inc., Cupertino, CA; Inspur, Beijing, ACTION: Request for information. Suzanne Morris, PEOPLE’S REPUBLIC OF CHINA; Intel SUMMARY: The Social Security Chief, Premerger and Division Statistics, Corporation, Santa Clara, CA; Antitrust Division.
    [Show full text]
  • Summit Press
    Summit Press During the second annual OpenPOWER Summit, held April 5-8 in San Jose, the OpenPOWER Foundation made a set of announcements and showcased more than 50 new member innovations that advance its commitment to open technologies in the data center. The solutions and innovations showcased are built around OpenPOWER technology and the Open Compute reference architecture. OpenPOWER members Rackspace and the University of Michigan also announced the deployment of OpenPOWER systems. Media coverage from OpenPOWER Summit resulted in over 134 stories and reached an audience of over 285 million individuals based on the latest data provided by Cision. Highlights and full coverage are below. Google and Rackspace OpenCompute Collaboration o "Google also said it’s developing a data center server with cloud-computing company Rackspace Hosting Inc. that runs on a new IBM OpenPower chip called Power9, rather than Intel processors that go into most servers. The final design will be given away through Facebook Inc.’s Open Compute Project, so other companies can build their data center servers this way, too." – Bloomberg o "The search giant [Google] said on Wednesday that, along with cloud computing company Rackspace, it’s co-developing new server designs that are based on IBM chip technology." – Fortune Rackspace Barreleye o “Rackspace has already designed one Power-based server, called Barreleye, that it plans to put in production in the coming months, offering cloud services to its cloud customers.”-- CIO IBM OpenCompute o “Big Blue will also
    [Show full text]
  • Intel Delivers New Architecture for Discovery with Intel® Xeon Phi™ Coprocessors
    November 12, 2012 Intel Delivers New Architecture for Discovery with Intel® Xeon Phi™ Coprocessors Combination of Intel® Xeon® Processors and Intel® Xeon Phi™ Coprocessors Promises to Drive High Performance Computing Innovation NEWS HIGHLIGHTS ● Intel® Xeon Phi™ coprocessors, when combined with the Intel® Xeon® processor E5 family, will deliver unprecedented parallel performance, increasing the productivity and efficiency of high- performance computing. ● Efficient performance and a familiar programming model foster a thriving development community and extensive industry support from key OEMs, making high-performance computing easier to access for content creators, developers and scientists. ● Optimizing applications with tools such as Intel Cluster Studio XE 2013 helps achieve industry's best performance per watt for high degrees of parallelism on Intel Xeon Phi coprocessors as well asa significant increase in productivity on Intel Xeon processors E5 product family. ● Ninety-one percent of all newly listed systems on the recently announced Top500 list of the world's most powerful supercomputers are powered by Intel processors. Intel Xeon Phi coprocessors are already featured in 7 systems including the most power-efficient supercomputer on the list –"Beacon" delivering 2.44 GFlops/Watt. SALT LAKE CITY, Utah, Nov. 12, 2012 – Marking a new era in high-performance computing, Intel Corporation introduced the Intel® Xeon Phi™ coprocessor, a culmination of years of research and collaboration, to bring unprecedented performance for innovative breakthroughs in manufacturing, life sciences, energy and other areas. The ability to quickly compute, simulate and make more informed decisions has propelled the growth of high performance computing (HPC) and analytics. This has been driven by global business and research priorities to more accurately predict weather patterns, create more efficient energy resources, and develop cures for diseases among many other pressing issues.
    [Show full text]