Greetings, We have a need for a FIPS140-2 compliant FreeBSD kernel plus keymanager.
Has anyone done this before? My (naïve?) approach is to replace the crypto-dev driver with an openssl fipscanister based crypto driver, use a second application layer openssl fipscanister for the key manager crypto and remove all non-fips crypto from the kernel. Unsure if FIPs allows two copies of fipscanister. Design is always easier when one is ignorant. regards THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
