Module Name
Oracle Solaris Userland Cryptographic Framework
Historical Reason
RNG SP800-131A Revision 1 Transition
Caveat
When installed, initialized and configured as specified in the Security Policy and operated in FIPS mode. The module generates cryptographic keys whose strengths are modified by available entropy.
Security Level Exceptions
- Physical Security: N/A
- Mitigation of Other Attacks: N/A
Embodiment
Multi-chip standalone
Description
The Oracle Solaris OS utilizes the Oracle Solaris Userland Cryptographic Framework module for cryptographic functionality for any applications running in user space. It exposes PKCS#11 APIs, uCrypto APIs, and libmd public interfaces to provide cryptography to any application designed to utilize them.
Tested Configuration(s)
- Oracle Solaris 11.1 running on a M3000 Enterprise Server
- Oracle Solaris 11.1 running on a Sun Server X3-2 with PAA
- Oracle Solaris 11.1 running on a Sun Server X3-2 without PAA (single-user mode)
Other Algorithms
AES-XCBC-MAC (non-compliant); SHA-512/224 (non-compliant); SHA-512/256 (non-compliant); MD4; MD5; RC4; DES; Blowfish; RSA (key wrapping; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 192 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)
Software Versions
1.0 and 1.1