OpenSSL Cryptographic Module version 1.0 FIPS 140-2 Non-Proprietary Security Policy Version 1.5 Last update: 2020-02-06 © 2020 Canonical Ltd. / atsec information security This document can be reproduced and distributed only whole and intact, including this copyright notice. OpenSSL Cryptographic Module FIPS 140-2 Non-Proprietary Security Policy Prepared by: atsec information security corporation 9130 Jollyville Road, Suite 260 Austin, TX 78759 www.atsec.com © 2020 Canonical Ltd. / atsec information security This document can be reproduced and distributed only whole and intact, including this copyright notice. 2 of 55 OpenSSL Cryptographic Module FIPS 140-2 Non-Proprietary Security Policy Table of Contents 1. Cryptographic Module Specification ....................................................................................................... 6 1.1. Module Overview .................................................................................................................................. 6 1.2. Modes of Operation ............................................................................................................................... 9 2. Cryptographic Module Ports and Interfaces ......................................................................................... 10 3. Roles, Services and Authentication ...................................................................................................... 11 3.1. Roles .................................................................................................................................................... 11 3.2. Services ................................................................................................................................................ 11 3.3. Algorithms ............................................................................................................................................ 13 3.3.1. Ubuntu 16.04 LTS 64-bit Little Endian Running on POWER System ............................................ 14 3.3.2. Ubuntu 16.04 LTS 64-bit Running on Intel® Xeon®/Atom® Processor ........................................ 18 3.3.3. Ubuntu 16.04 LTS 64-bit Running on z System ........................................................................... 25 3.3.4. Non-Approved Algorithms .......................................................................................................... 29 3.4. Operator Authentication ..................................................................................................................... 31 4. Physical Security .................................................................................................................................. 32 5. Operational Environment ..................................................................................................................... 33 5.1. Applicability ......................................................................................................................................... 33 5.2. Policy .................................................................................................................................................... 33 6. Cryptographic Key Management .......................................................................................................... 34 6.1. Random Number Generation .............................................................................................................. 34 6.2. Key Generation .................................................................................................................................... 35 6.3. Key Agreement / Key Transport / Key Derivation ................................................................................ 35 6.4. Key Entry / Output ............................................................................................................................... 36 6.5. Key / CSP Storage ................................................................................................................................. 36 6.6. Key / CSP Zeroization ........................................................................................................................... 36 7. Electromagnetic Interference/Electromagnetic Compatibility (EMI/EMC) ............................................ 37 8. Self-Tests ............................................................................................................................................. 38 8.1. Power-Up Tests .................................................................................................................................... 38 8.1.1. Integrity Tests .............................................................................................................................. 38 8.1.2. Cryptographic Algorithm Tests .................................................................................................... 38 8.2. On-Demand Self-Tests ......................................................................................................................... 39 8.3. Conditional Tests ................................................................................................................................. 39 9. Guidance .............................................................................................................................................. 41 © 2020 Canonical Ltd. / atsec information security This document can be reproduced and distributed only whole and intact, including this copyright notice. 3 of 55 OpenSSL Cryptographic Module FIPS 140-2 Non-Proprietary Security Policy 9.1. Crypto Officer Guidance ...................................................................................................................... 41 9.1.1. Operating Environment Configurations ...................................................................................... 41 9.1.2. Module Installation ..................................................................................................................... 42 9.2. User Guidance ...................................................................................................................................... 42 9.2.1. TLS ............................................................................................................................................... 42 9.2.2. AES GCM IV ................................................................................................................................. 43 9.2.3. AES XTS ........................................................................................................................................ 43 9.2.4. Random Number Generator ....................................................................................................... 43 9.2.5. API Functions ............................................................................................................................... 43 9.2.6. Environment Variables ................................................................................................................ 43 9.2.7. Handling FIPS Related Errors ....................................................................................................... 44 10. Mitigation of Other Attacks .................................................................................................................. 46 10.1. Blinding Against RSA Timing Attacks .................................................................................................... 46 10.2. Weak Triple-DES Keys Detection .......................................................................................................... 46 © 2020 Canonical Ltd. / atsec information security This document can be reproduced and distributed only whole and intact, including this copyright notice. 4 of 55 OpenSSL Cryptographic Module FIPS 140-2 Non-Proprietary Security Policy Copyrights and Trademarks Ubuntu and Canonical are registered trademarks of Canonical Ltd. Linux is a registered trademark of Linus Torvalds. © 2020 Canonical Ltd. / atsec information security This document can be reproduced and distributed only whole and intact, including this copyright notice. 5 of 55 OpenSSL Cryptographic Module FIPS 140-2 Non-Proprietary Security Policy 1. Cryptographic Module Specification This document is the non-proprietary FIPS 140-2 Security Policy for version 1.0 of the Ubuntu OpenSSL Cryptographic Module. It contains the security rules under which the module must operate and describes how this module meets the requirements as specified in FIPS PUB 140-2 (Federal Information Processing Standards Publication 140-2) for a Security Level 1 software module. The following sections describe the cryptographic module and how it conforms to the FIPS 140-2 specification in each of the required areas. 1.1. Module Overview The Ubuntu OpenSSL Cryptographic Module (hereafter referred to as “the module”) is a set of software libraries implementing the Transport Layer Security (TLS) protocol v1.0, v1.1 and v1.2 and Datagram Transport Layer Security (DTLS) protocol v.1.0 and v1.2, as well as general purpose cryptographic algorithms. The module provides cryptographic services to applications running in the user space of the underlying Ubuntu operating system through a C language Application Program Interface (API). The module utilizes processor instructions to optimize and increase performance. The module can act as a TLS server or client, and interacts with other entities