Monthly Status Report (March)

[Matt Caswell]

As well as normal reviews, responding to user queries, wiki user
requests, OMC business, handling security reports, etc., key activities
this month:

- Fixed an issue where the ticket index was written to the session during the
handshake, even though the session is supposed to be immutable
- Significant review work on the Kernel TLS Receive side
- Investigated (with others) and fixed an underflow in ecp_nistp521.c
- Fixed an issue with long nonces in ChaCha20-Poly1305 (CVE-2019-1543)
- Significant review work on the CRMF/CMP chunk 2 code
- Changes to enable pkeyutl to work with Ed448 and Ed25519
- Updates to the pkeyutl documentation around the digest option
- Fixed enable-zlib
- Fixed some mem leaks in pkread.c demo file
- Fixed no-dso
- Fixed no-cmac, no-poly1305 and no-siphash
- Added some missing OPENSSL_NO_SM2 guards
- Worked on fix for no-posix-io (later replaced by a different PR)
- Created the default provider and moved SHA256 into it
- Created a PR for implementing a FIPS provider and moving SHA256 into it
- Created a PR for implementing a legacy provider and moving MD2 into it
- Fixed some MAC issues (Don't allow SHAKE128/SHAKE256 with HMAC)
- Fixed a memory leak in ARIA GCM
- Changes to tolerate 0 length input on Update functions
- Fixed no-ec
- Const fixes for OCSP_id_cmp and OCSP_id_issuer_cmp
- Created PR for fixed error handling in X509_chain_up_ref
- Created PR for supporting EVP_MD_block_size() with providers
- Created PR for ensuring EVP_MD_CTX_md() returns the EVP_MD that was originally
used.
- Significant review work on various FIPS related PRs

Matt