[openssl-project] Monthly Status Report (July)

[Matt Caswell]

As well as normal reviews, responding to user queries, wiki user
requests, OMC business, handling security reports, etc., key activities
this month:

- Attended a number of meetings re FIPS
- Fixed a bug in 1.1.0/1.0.2 which can result in an invalid
CertificateRequest message being sent
- Reviewed lots of issues with respect to the 1.1.1 milestone
- Fixed no_tls1_2, no-psk
- Implemented changes to avoid GOST sigalg usage in TLSv1.3
- Fixed some issues found by Coverity
- Implemented changes so that unexpected early data is tolerated
(skipped) by default
- Improved consistency between 1.1.0 and 1.1.1 in s_server where a PSK
identity doesn't match
- Updated run-checker to run a GOST test
- Investigated problems on android with pthread_atfork
- Fixed some TLSv1.3 session issues
- Fixed a mem leak in the ticket test
- Ensured that we skip the GOST test when DSA or CMS or disabled
(because GOST requires those symbols)
- Implemented stricter checking of key OIDs against the sig alg
- Fixed a bug where we incorrectly skipped over early_data sent after an HRR
- Updated the early data documentation to describe some scenarios where
the connection could abort
- Prepared the PR for updated the TLSv1.3 code to the final RFC version
- Updated the TLSv1.3 test vectors to match those in the latest test
vectors document
- Added validation of the legacy_version field for TLSv1.3
- Implemented a fix allowing both prime and binary curves in SM2. This
later changed into a more generic fix that removed some prime/binary
curve specific functions in preference for generic ones
- Removed testing of no-md5 from run-checker since it is not a valid option
- Fixed some TLSv1.3 alert issues

A slightly shorter list this month due to holidays.

Matt