Tectia Client, ConnectSecure, and Server can be operated in FIPS mode, using a version of the cryptographic library that has been certified according to the Federal Information Processing Standard (FIPS) 140-2.
The full OpenSSL cryptographic library is distributed with Tectia Client. This OpenSSL FIPS-certified cryptographic library is used to provide the classes of functions listed in the following tables.
The functions used from OpenSSL 3.0.8 (7 Feb 2023; FIPS provider: 3.0.8) on Linux, Windows, and Solaris are listed in Table 3.1.
Table 3.1. APIs used from the OpenSSL cryptographic library version 3.0.8
API | Description | Functions from OpenSSL |
---|---|---|
Random numbers | AES/CTR DRBG based on NIST SP800-90A is used from the OpenSSL library. | RAND_bytes, RAND_add |
Ciphers | aes-ecb, aes-cbc, aes-ofb, aes-ctr, aes-gcm, 3des-(ecb,cbc,cfb,ofb) | EVP_CIPHER_CTX_*, EVP_Cipher* |
Math library | Bignum math library used by OpenSSL. | BN_* |
Diffie-Hellman | DH, ECDH, curve25519, curve448 | EVP_PKEY_*, DH_* |
Hash functions | Variants: sha1[verify only], sha224, sha256, sha384, sha512 | EVP_MD_*, EVP_sha*, EVP_Digest* |
Public Key | Variants: RSA, DSA, ECDSA, Ed25519 | EVP_PKEY_*, i2d_DSA_SIG, d2i_DSA_SIG, i2d_ECDSA_SIG, d2i_ECDSA_SIG, EVP_MD_*, ECDSA_SIG_*, DSA_SIG_*, EC_GROUP_*, EC_POINT_* |
Misc | | ERR_error_string_n, ERR_get_error, OpenSSL_version, OSSL_PARAM_*, OSSL_PROVIDER_*, CRYPTO_free, CONF_modules_load_file_ex, EVP_default_properties_enable_fips |
No certificate functions are used from the OpenSSL library. Tectia provides its own certificate libraries.