As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month:
- Fixed an issue where the ticket index was written to the session during the handshake, even though the session is supposed to be immutable
- Significant review work on the Kernel TLS Receive side
- Investigated (with others) and fixed an underflow in ecp_nistp521.c
- Fixed an issue with long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
- Significant review work on the CRMF/CMP chunk 2 code
- Changes to enable pkeyutl to work with Ed448 and Ed25519
- Updates to the pkeyutl documentation around the digest option
- Fixed enable-zlib
- Fixed some mem leaks in pkread.c demo file
- Fixed no-dso
- Fixed no-cmac, no-poly1305 and no-siphash
- Added some missing OPENSSL_NO_SM2 guards
- Worked on fix for no-posix-io (later replaced by a different PR)
- Created the default provider and moved SHA256 into it
- Created a PR for implementing a FIPS provider and moving SHA256 into it
- Created a PR for implementing a legacy provider and moving MD2 into it
- Fixed some MAC issues (Don't allow SHAKE128/SHAKE256 with HMAC)
- Fixed a memory leak in ARIA GCM
- Changes to tolerate 0 length input on Update functions
- Fixed no-ec
- Const fixes for OCSP_id_cmp and OCSP_id_issuer_cmp
- Created PR for fixed error handling in X509_chain_up_ref
- Created PR for supporting EVP_MD_block_size() with providers
- Created PR for ensuring EVP_MD_CTX_md() returns the EVP_MD that was originally used.
- Significant review work on various FIPS related PRs

Matt