SSH

FIPS-Certified Cryptographic Library

Tectia Client, ConnectSecure, and Server can be operated in FIPS mode, using a version of the cryptographic library that has been certified according to the Federal Information Processing Standard (FIPS) 140-2.

The full OpenSSL cryptographic library is distributed with Tectia Client. This FIPS-certified OpenSSL library is used to provide the classes of functions listed in the table below.

The functions used from OpenSSL 3.0.8 (released 7 Feb 2023; FIPS provider version 3.0.8) on Linux, Windows, and Solaris are listed in Table 3.1.

Table 3.1. APIs used from the OpenSSL cryptographic library version 3.0.8

| API             | Description                                                                                  | Functions from OpenSSL |
|-----------------|----------------------------------------------------------------------------------------------|------------------------|
| Random numbers  | AES/CTR DRBG based on NIST SP800-90A is used from the OpenSSL library.                       | RAND_bytes, RAND_add |
| Ciphers         | aes-ecb, aes-cbc, aes-ofb, aes-ctr, aes-gcm; 3des-ecb, 3des-cbc, 3des-cfb, 3des-ofb          | EVP_CIPHER_CTX_*, EVP_Cipher* |
| Math library    | Bignum math library used by OpenSSL.                                                         | BN_* |
| Diffie-Hellman  | DH, ECDH, curve25519, curve448                                                               | EVP_PKEY_*, DH_* |
| Hash functions  | Variants: sha1 [verify only], sha224, sha256, sha384, sha512                                 | EVP_MD_*, EVP_sha*, EVP_Digest* |
| Public key      | Variants: RSA, DSA, ECDSA, Ed25519                                                           | EVP_PKEY_*, i2d_DSA_SIG, d2i_DSA_SIG, i2d_ECDSA_SIG, d2i_ECDSA_SIG, EVP_MD_*, ECDSA_SIG_*, DSA_SIG_*, EC_GROUP_*, EC_POINT_* |
| Misc            | Error reporting, version query, provider and parameter handling, configuration loading, and FIPS mode selection. | ERR_error_string_n, ERR_get_error, OpenSSL_version, OSSL_PARAM_*, OSSL_PROVIDER_*, CRYPTO_free, CONF_modules_load_file_ex, EVP_default_properties_enable_fips |

No certificate functions are used from the OpenSSL library. Tectia provides its own certificate libraries.
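The Misc row above lists the OpenSSL 3 entry points an application needs to put libcrypto into FIPS mode (OSSL_PROVIDER_load, EVP_default_properties_enable_fips) and the ones a practitioner uses to confirm that the mode is really in force. The following script is an added example, not Tectia's own code: it calls those same entry points through ctypes against whatever libcrypto the system library loader finds, reports the OpenSSL version string, whether the "fips" provider could be loaded, whether the fips-only default property was accepted, and then probes the practical consequences (SHA256 still fetchable, MD5 no longer fetchable, RAND_bytes still succeeding). It assumes an OpenSSL 3.x shared library is on the loader path and that the FIPS module and its fipsmodule.cnf are installed; where they are not, the provider load fails and the script reports that rather than failing. It inspects the system OpenSSL, not the copy bundled with Tectia, so it is a check of the host's configuration, not of the product.

```python
"""Report whether the host's OpenSSL 3.x libcrypto can run in FIPS mode.

Added example using the provider/property APIs listed in Table 3.1.
Assumes libcrypto is findable by the dynamic loader; nothing here is
specific to Tectia's bundled library.
"""
import ctypes
import ctypes.util

# Selector for OpenSSL_version(); assumption: matches OPENSSL_VERSION in <openssl/crypto.h>.
OPENSSL_VERSION = 0


def _load_libcrypto():
    """Locate and open libcrypto; return None if the loader cannot find it."""
    name = ctypes.util.find_library("crypto")
    if name is None:
        return None
    try:
        return ctypes.CDLL(name)
    except OSError:
        return None


def _bind_openssl3(lib):
    """Declare the C signatures of the OpenSSL 3.x functions we call."""
    lib.OSSL_PROVIDER_load.restype = ctypes.c_void_p
    lib.OSSL_PROVIDER_load.argtypes = [ctypes.c_void_p, ctypes.c_char_p]
    lib.OSSL_PROVIDER_unload.restype = ctypes.c_int
    lib.OSSL_PROVIDER_unload.argtypes = [ctypes.c_void_p]
    lib.EVP_default_properties_enable_fips.restype = ctypes.c_int
    lib.EVP_default_properties_enable_fips.argtypes = [ctypes.c_void_p, ctypes.c_int]
    lib.EVP_MD_fetch.restype = ctypes.c_void_p
    lib.EVP_MD_fetch.argtypes = [ctypes.c_void_p, ctypes.c_char_p, ctypes.c_char_p]
    lib.EVP_MD_free.restype = None
    lib.EVP_MD_free.argtypes = [ctypes.c_void_p]
    lib.RAND_bytes.restype = ctypes.c_int
    lib.RAND_bytes.argtypes = [ctypes.c_void_p, ctypes.c_int]


def _digest_fetchable(lib, name):
    """True if EVP_MD_fetch can obtain `name` under the current default properties."""
    md = lib.EVP_MD_fetch(None, name.encode(), None)
    if md:
        lib.EVP_MD_free(md)  # drop the reference EVP_MD_fetch handed us
        return True
    return False


def fips_status():
    """Probe libcrypto and return a dict describing its FIPS readiness."""
    lib = _load_libcrypto()
    if lib is None:
        return {"libcrypto": None}
    lib.OpenSSL_version.restype = ctypes.c_char_p
    lib.OpenSSL_version.argtypes = [ctypes.c_int]
    version = lib.OpenSSL_version(OPENSSL_VERSION).decode()
    status = {"libcrypto": version, "fips_provider": False, "fips_enforced": False,
              "sha256": None, "md5": None, "rand_ok": None}
    if not version.startswith("OpenSSL 3."):
        return status  # provider and property APIs exist only in 3.x
    _bind_openssl3(lib)

    # Explicitly load the FIPS provider; this fails (returns NULL) when the
    # fips module or its fipsmodule.cnf is not installed on the host.
    prov = lib.OSSL_PROVIDER_load(None, b"fips")
    status["fips_provider"] = bool(prov)
    if prov:
        # Make "fips=yes" the default fetch property, so only algorithms
        # implemented by a FIPS provider can be obtained from now on.
        status["fips_enforced"] = lib.EVP_default_properties_enable_fips(None, 1) == 1

    status["sha256"] = _digest_fetchable(lib, "SHA256")  # approved: should stay available
    status["md5"] = _digest_fetchable(lib, "MD5")        # not approved: absent under fips=yes
    buf = (ctypes.c_ubyte * 32)()
    status["rand_ok"] = lib.RAND_bytes(buf, 32) == 1     # DRBG still serviceable

    if prov:
        # Restore process-global state so later callers in this process are unaffected.
        lib.EVP_default_properties_enable_fips(None, 0)
        lib.OSSL_PROVIDER_unload(prov)
    return status


if __name__ == "__main__":
    for key, value in fips_status().items():
        print(f"{key:14} {value}")
```

A host with the FIPS module installed and enabled should report `fips_provider True`, `fips_enforced True`, `sha256 True`, `md5 False`; a host without the module reports `fips_provider False` and MD5 still fetchable, which is the condition to look for when verifying that a FIPS deployment is not silently falling back to the default provider.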