Monthly Status Report (December)

[Paul Nelson]

I participated in a number of meetings:

OTC Face-to-Face meetings on 12/8, beginning of meeting on 12/10 FIPS Sponsors meeting on 12/7

I reviewed FIPS documents and set up a place in the otc-private repo for them. The three main documents are the security policy draft, vendor evidence draft and the finite state model. Other documents received from Acumen will be saved here as well. I will take over scheduling of FIPS meetings starting in January. The first meeting is scheduled for Jan 11 with Acumen.

I have built OpenSSL 3.0.0 on my Macintosh and have experimented debugging into the FIPS module. I need to understand how the FIPS module will be built by users in the future. Right now, the user just pulls OpenSSL from a repo and builds it, then follows directions for installing the FIPS module. This seems to be only useful for the first release of OpenSSL 3.0.0. There are some inconsistencies in the FIPS documentation in the 3.0.0 master branch, and I will be addressing these in January.

I worked on identifying the parts of OpenSSL that are needed to build the FIPS module. There appear to be 351 source files used to build the module including header files. There are 72 header files, 24 assembly language and 6 inc files. There are 208 files in the crypto tree, 103 in the providers tree, 38 in the include tree and 2 in the ssl tree.

If we can identify only those issues that require a change to these files, we know what issues affect the FIPS module. This will be difficult but should be possible.

I had a number of interactions with support customers, sending invoices. I did not handle this process well and a number of mistakes were made. Mark and I have discussed how to rectify these and I will be able to handle these tasks with much greater care in the future.

Paul Nelson 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-project/attachments/20210111/65c05126/attachment.html>