From: "Wilson, William O"
To: "freebsd-security@freebsd.org"
Date: Thu, 12 Jul 2012 16:10:09 -0500
Subject: FIPS140-2
Message-ID: <99C8B2929B39C24493377AC7A121E21FB032D08A74@USEA-EXCH8.na.uis.unisys.com>

Greetings,

We have a need for a FIPS140-2 compliant FreeBSD kernel plus keymanager. Has anyone done this before?

My (naïve?) approach is to replace the crypto-dev driver with an openssl fipscanister based crypto driver, use a second application layer openssl fipscanister for the key manager crypto and remove all non-fips crypto from the kernel. Unsure if FIPS allows two copies of fipscanister.

Design is always easier when one is ignorant.

regards