As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month:
- Continued work on making the threading code provider aware - leading to that PR being merged. - Continued to handle feedback and issues with the PRs to enable RAND in the FIPS module - ultimately resulting in this code being merged - Added the ability for "make doc-nits" to complain about newly added symbols that do not have documentation - Fixed "enable-ssl3" - Investigated a memory corruption issue, which turned out to be a documentation bug in the d2i docs - and then fixed those docs - Implemented a PACKET/WPACKET version of some simple ASN.1 utils for DSA - Made the BIGNUM code available from within the FIPS provider - Fixed a compilation issue with gcc 7.4.0 not recognising a "fall through" comment - Fixed the no-dh build - Implemented some significant updates to allow TLSv1.3 even in a no-ec build. This was made possible by the recent integration of TLSv1.3 FFDHE support. This work also fixed the no-ec build. - Fixed building with enable-trace - Fixed a number of race conditions in the TLSv1.3 handling of supported groups and some other similar fields - Fixed a bug in the FIPS provider which was creating an OPENSSL_CTX twice by mistake - Moved the public SIV mode functions to internal headers. There was no need for these functions to be public, and it reduced the number of newly added undocumented symbols. - Documented the ECP_CIPHER_fetch and EVP_CIPHER_up_ref functions - Created a PR to move PKCS#3 DH to the default provider - Fixed a bug which resulted in an assertion failure in master - Fixed a mem leak in evp_test - Resolved a crash in rc5 when using a key longer than 2040 bits Matt
