Monthly Status Report (January 2021)

Tomas Mraz tm at
Mon Feb 1 11:10:45 UTC 2021

My key activities this month were:

- triage of newly reported issues and responding to questions
- participation on the OTC meetings
- reviews of various PRs:
  - I've reviewed about 80 PRs this month, merged many of them submitted by 3rd party
  - Major PRs reviewed: 
    - 3.0 alpha 11 release review
    - Update CMP doc on cert and key sources and extend use of PKCS#10 input #13841
    - Deprecate EVP_KEY_new_CMAC_key #13829 
    - [crypto/dh] side channel hardening for computing DH shared keys #13783
    - x509_vfy.c: Fix a regression in find_issuer(); extend and re-organize some tests #13762
    - X509_cmp(): Fix comparison in case x509v3_cache_extensions() failed to due to invalid cert #13755
    - Major improvemens of pkey app and bugfix on IS_HTTP(S) macros #13712
    - X509 app: major cleanup of user guidance, documentation, and code structure #13711
    - Fix a crash with multi-threaded applications using the FIPS module #13660
    - apps/{req,x509,ca}.c Make sure certs have SKID and AKID by default #13658
    - Use centralized fetching errors #13467
    - Remove pkey_downgrade from PKCS7 code #13435
    - Test CLI key validation and SM2 key validation #13359
    - EVP: fix keygen for EVP_PKEY_RSA_PSS #13099
- submitted 11 PRs:
   - In particular:
     - chacha20: Properly reinitialize the cipher context with NULL key #13850
     - Deprecation of the remaining functions related to X9.31 RSA key generation #13921
     - Rename EVP_CIPHER_CTX_get_iv and EVP_CIPHER_CTX_get_iv_state for clarity #13870
     - Fixes in DH derivation related to DH support in CMS #13869
     - Implement missing algorithm id generation for the RSA-PSS signatures #13988
- took over the PR for deprecation of EC_KEY and related functions (#13139)
  from Shane, finalized it

Tomáš Mráz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
[You'll know whether the road is wrong if you carefully listen to your

More information about the openssl-project mailing list