Monthly Status Report (March)

Matt Caswell matt at
Fri Apr 3 11:43:54 UTC 2020

As well as normal reviews, responding to user queries, wiki user
requests, OMC business, handling security reports, etc., key activities
this month:

- Ongoing reviews of the CMP contribution
- Clarified the docs around usage of EVP_PKEY_get_raw_*_key()
- Provided some tweaks/fixes to the Serializer code
- Completed implementation of Ed25519 and Ed448 in the default provider
- Implemented serializers for Ed25519 and Ed448
- Performed and coordinated the release of both 1.1.1e and 1.1.1f
- Fix to handle the case where there is no digest in an EVP_MD_CTX
- Significant effort in getting a simple TLSv1.2 connection working with
FIPS only crypto
- Created PR to make various updates to provider.pod
- Made it possible to easily specify a libctx from EVP_DigestSign*
- Made sure we were using the correct libctx when fetching a MAC in one
- Ensured we were using RAND_bytes_ex in various calls in crypto/rsa
- Ensured we were using fetched ciphers/digests for TLS tickets
- Fixed a number of spots in libssl where we weren't using the libctx
- Fixed EVP_PKEY_new_mac_key() so that it doesn't fail if the specified
MAC is not available in the default provider
- Wrote code to update libssl to use EVP_MAC for its MAC rather than
EVP_DigestSign*(). This work is currently on hold due to an unexpected
impact on the GOST engine
- Fixed more spots in libssl where fetched ciphers were not being used
- Update to provide better diagnostics in the event of a fetch failure
- Updated test TLS framework to provide better error information if a
connection fails
- Added libctx aware functions OCSP_RESPID_set_by_key_ex() and
- Added function to explicitly cache X509v3 extensions with a libctx -
and used that function in libssl
- Made the SRP library libctx aware, and updated libssl to use the new
- Updated libssl to give a better error if we can't find a sig alg
- Fixed a bug in libssl to avoid attempting to up-ref a cipher that is NULL
- Fixed a bug to avoid double freeing a DH object in libssl


More information about the openssl-project mailing list