|
     |
Tectia Client, ConnectSecure, and Server can be operated in FIPS mode, using a version of the cryptographic library that has been certified according to the Federal Information Processing Standard (FIPS) 140-2.
The full OpenSSL cryptographic library is distributed with Tectia ConnectSecure. However, only
the algorithms provided by the fipscanister object module in the library are used by Tectia ConnectSecure.
The OpenSSL FIPS-certified cryptographic library is used to provide the classes of functions listed in the
following tables.
The functions from the OpenSSL library version 1.0.2a used on Linux, Windows, Solaris and
HP-UX Itanium (IA-64) are listed in Table 3.1. On these platforms, the
fipscanister object module version 2.0.9 is used.
The functions from the OpenSSL library version 0.9.8 used on HP-UX PA-RISC and IBM AIX are
listed in Table 3.2. On these platforms, the
fipscanister object module version 1.2 is used.
Table 3.1. APIs used from the OpenSSL cryptographic library version 1.0.2a
(used on Linux, Windows, Solaris and HP-UX Itanium)
| API | Description | Functions from OpenSSL |
|---|---|---|
| Random numbers | AES/CTR DRBG based on NIST SP800-90A is used from the OpenSSL library. | RAND_get_rand_method() |
| AES ciphers | Variants: ecb, cbc, cfb, ofb, ctr | EVP_aes* |
| 3DES ciphers | Variants: ecb, cbc, cfb, ofb | EVP_des_ede3_* |
| Math library | Bignum math library used by OpenSSL. | BN_* |
| Diffie Hellman | DH_*, ECDH_* | |
| Hash functions | Variants: sha1, sha-224, sha-256, sha-384, sha-512 | EVP_sha* |
| Public Key | Variants: rsa, dsa, ecdsa | RSA_*, DSA_*, ECDSA_* |
Table 3.2. APIs used from the OpenSSL cryptographic library version 0.9.8
(used on HP-UX PA-RISC and IBM AIX)
| API | Description | Functions from OpenSSL |
|---|---|---|
| Random numbers | FIPS-approved AES PRNG based on ANSI X9.32 is used from the OpenSSL library. | FIPS_rand_* |
| AES ciphers | Variants: ecb, cbc, cfb, ofb, ctr | AES_* |
| DES ciphers | Variants: ecb, cbc, cfb, ofb | DES_* |
| 3DES ciphers | Variants: ecb, cbc, cfb, ofb | DES_* |
| Math library | Bignum math library used by OpenSSL. | BN_* |
| Diffie Hellman | DH_* | |
| Hash functions | Variants: sha1, sha-224, sha-256, sha-384, sha-512 | SHA1_*, SHA256_*, SHA512_* |
| Public Key | Variants: rsa and dsa | RSA_*, DSA_* |
No certificate functions are used from the OpenSSL library. Tectia provides its own certificate libraries.
| |
Copyright 
2017 SSH Communications Security Corporation
This software is protected by international copyright laws. All rights reserved.
Contact Information