As well as normal reviews, responding to user queries, wiki user requests, OMC business, handling security reports, etc., key activities this month:
- Fixed DHX parameter encoding (they were incorrectly being encoded using PKCS3 Parameters). Also extended the encode/decode tests as part of this. - Active participant in the interviewing and recruitment process for the "Administrator and Manager" position - Ongoing participation in the regular OTC meetings - Ongoing participation in regular FIPS sponsor meetings - Removed CMS specific code out of the algorithm implementations and removed key downgrades - Deprecated EVP_PKEY_set1_tls_encodedpoint() as well as the get version. Implemented replacements with more generic names. - Concentrated all deprecated API usage in libssl in one file - Fixed an issue with the SSL_SECOP_TMP_DH security operation which was defined to take an EVP_PKEY, but was actually sending a DH object in one instance. - Performed the alpha 7 release - Created WIP to do the DH deprecation - Fixed an issue that was causing a test failure in a no-dh build - Fixed the deprecation macros to allow "empty" deprecation macros to be passed as macro arguments - Created PR to change the default key generation type for DH and DSA - Fixed an issue where we weren't calling SSLfatal on an error path in libssl - Created PR to convert dhparam so that it no longer needs to use low level APIs - Created PR to remove all instances of low-level DH use in libssl - Fixed some missed usage of DEFINE_LHASH_OF() that meant there were compile failures on some platforms Matt