Date: Thu, 12 Jul 2012 16:10:09 -0500 From: "Wilson, William O" <William.Wilson@unisys.com> To: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: FIPS140-2 Message-ID: <99C8B2929B39C24493377AC7A121E21FB032D08A74@USEA-EXCH8.na.uis.unisys.com>
next in thread | raw e-mail | index | archive | help
Greetings, We have a need for a FIPS140-2 compliant FreeBSD kernel plus keymanager. Has anyone done this before? My (naïve?) approach is to replace the crypto-dev driver with an openssl fipscanister based crypto driver, use a second application layer openssl fipscanister for the key manager crypto and remove all non-fips crypto from the kernel. Unsure if FIPs allows two copies of fipscanister. Design is always easier when one is ignorant. regards THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?99C8B2929B39C24493377AC7A121E21FB032D08A74>