As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month:
- Ongoing reviews of the CMP contribution - Clarified the docs around usage of EVP_PKEY_get_raw_*_key() - Provided some tweaks/fixes to the Serializer code - Completed implementation of Ed25519 and Ed448 in the default provider - Implemented serializers for Ed25519 and Ed448 - Performed and coordinated the release of both 1.1.1e and 1.1.1f - Fix to handle the case where there is no digest in an EVP_MD_CTX - Significant effort in getting a simple TLSv1.2 connection working with FIPS only crypto - Created PR to make various updates to provider.pod - Made it possible to easily specify a libctx from EVP_DigestSign* - Made sure we were using the correct libctx when fetching a MAC in one scenario - Ensured we were using RAND_bytes_ex in various calls in crypto/rsa - Ensured we were using fetched ciphers/digests for TLS tickets - Fixed a number of spots in libssl where we weren't using the libctx - Fixed EVP_PKEY_new_mac_key() so that it doesn't fail if the specified MAC is not available in the default provider - Wrote code to update libssl to use EVP_MAC for its MAC rather than EVP_DigestSign*(). This work is currently on hold due to an unexpected impact on the GOST engine - Fixed more spots in libssl where fetched ciphers were not being used - Update to provide better diagnostics in the event of a fetch failure - Updated test TLS framework to provide better error information if a connection fails - Added libctx aware functions OCSP_RESPID_set_by_key_ex() and OCSP_RESPID_match_ex() - Added function to explicitly cache X509v3 extensions with a libctx - and used that function in libssl - Made the SRP library libctx aware, and updated libssl to use the new functions - Updated libssl to give a better error if we can't find a sig alg - Fixed a bug in libssl to avoid attempting to up-ref a cipher that is NULL - Fixed a bug to avoid double freeing a DH object in libssl Matt
