[openssl-project] Monthly Status Report (October)

Matt Caswell matt at openssl.org
Mon Nov 5 14:47:50 UTC 2018

As well as normal reviews, responding to user queries, wiki user
requests, OMC business, handling security reports, etc., key activities
this month:

- Ongoing work on the Design documentation for the FIPS release
- Fixed some coverity issues
- Fixed BIO callback return code handling
- Fixed an issue with DTLSv1_listen() which was leaving messages on the
underlying fd causing application level issues
- Developed a Configure option "no-atexit" (not yet merged)
- Fixed the EVP_PKEY_CTX_set_rsa_pss_keygen_md macro
- Fixed an issue with the client certificate callback in TLSv1.3
- Fixed a DTLS issue with duplicated messages coming from the next epoch
- Reviewing the CMP code
- Removed the artificial limit on the size of the ClientHello
- Fixed a DTLS memory leak
- Investigated tls_cbc_digest_record issues
- Fixed an issue in s_server when the identity is unknown
- Fixed an issue where we negotiated TLSv1.3 even though our certificate
is not TLSv1.3 capable
- Fixed an issue where we use_ecc() was returning 1 due to TLSv1.3
ciphersuites - even though those ciphersuites were disabled.
- Fixed an issue where HKDF state was not reset between runs
- Fixed ca_names handling to have separate behaviour on the client and
server to avoid sending overly large ClientHellos
- Reviewing the Kernel TLS code
- Reviewing SRP documentation updates


More information about the openssl-project mailing list