On 01/04/2012 10:00 PM, David Weidenkopf wrote: > Hello, has anyone ever tried to incorporate the FIPS crypto > module(sepcifically the crypto algorithms) into a kernel module? Or the > feasibility of such an effort? The idea is that you then have FIPS capable > crypto in the kernel. The kernel crypto api, as far as I can tell, is > designed to allow for replacement and extension of supported algorithms. Why > couldn't the fips canister be incorporated into a kernel module? > > Appreciate any wisdom that anyone is willing to share!
We've looked at that and concluded that it probably makes more sense to validate the existing kernel module cryptography more or less as-is, rather than adapt the OpenSSL FIPS Object Module to run in a new kernel module. We've even been approached by some sponsors interested in helping to fund such an effort. As with the OpenSSL FIPS Object Module validations that will be a huge (for us) and expensive undertaking, though ultimately also of significant benefit. At present we've made no definite plans in this area. -Steve M. -- Steve Marquess OpenSSL Software Foundation, Inc. 1829 Mount Ephraim Road Adamstown, MD 21710 USA +1 877 673 6775 s/b +1 301 874 2571 direct marqu...@opensslfoundation.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
