I participated in a number of meetings:
OTC Face-to-Face meetings on 12/8, beginning of meeting on 12/10 FIPS Sponsors
meeting on 12/7
I reviewed FIPS documents and set up a place in the otc-private repo for them.
The three main documents are the security policy draft, vendor evidence draft
and the finite state model. Other documents received from Acumen will be saved
here as well. I will take over scheduling of FIPS meetings starting in January.
The first meeting is scheduled for Jan 11 with Acumen.
I have built OpenSSL 3.0.0 on my Macintosh and have experimented debugging into
the FIPS module. I need to understand how the FIPS module will be built by
users in the future. Right now, the user just pulls OpenSSL from a repo and
builds it, then follows directions for installing the FIPS module. This seems
to be only useful for the first release of OpenSSL 3.0.0. There are some
inconsistencies in the FIPS documentation in the 3.0.0 master branch, and I
will be addressing these in January.
I worked on identifying the parts of OpenSSL that are needed to build the FIPS
module. There appear to be 351 source files used to build the module including
header files. There are 72 header files, 24 assembly language and 6 inc files.
There are 208 files in the crypto tree, 103 in the providers tree, 38 in the
include tree and 2 in the ssl tree.
If we can identify only those issues that require a change to these files, we
know what issues affect the FIPS module. This will be difficult but should be
possible.
I had a number of interactions with support customers, sending invoices. I did
not handle this process well and a number of mistakes were made. Mark and I
have discussed how to rectify these and I will be able to handle these tasks
with much greater care in the future.
Paul Nelson