Monthly Status Report (April)

[Matt Caswell]

As well as normal reviews, responding to user queries, wiki user
requests, OMC business, handling security reports, etc., key activities
this month:

- Worked on and pushed the PR to add SHA256 support to the FIPS provider
- Fixed no-sm2/no-sm3/no-ec
- Corrected some documentation for SSL_CIPHER_description()
- Worked on and pushed the PR to create a legacy provider and put MD2 in it
- Fixed a crash in X509_STORE_CTX_get_by_subject
- Significant review work on the CMP chunk 3 PR
- Came up with a proposed fix for possible mem leaks in custom
X509_LOOKUP_METHODs (later superseded by another fix)
- Investigated reported issues with AES-BIGE and later created a PR to improve
documentation/comments
- Significant work on creating a PR to move the basic AES ciphers into the
default provider
- Significant work on the PR making EVP available in the FIPS provider
- In response to CVE-2019-9498 and CVE-2019-9499 backported a hardening commit
to 1.0.2 to reject invalid EC point co-ords during EC_POINT_set_affine_coordinates_*
- Significant review work of the KTLS Sendfile PR
- Investigated and came up with PR to fix issues with OpenSSL being intolerant
to key_update while writes are pending
- Added some clarification to the ChaCha20 docs and added some new test vectors
- Fixed some KTLS issues
- Fixed no-ec2m
- Fixed an issue with EVP_CIPHER_CTX_rand_key
- Fixed a problem in rc5 where it would attempt to use a key length longer than
the maximum permissible
- Fixed no-srp


Matt