Add a CHANGES.md entry

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26683)

diff --git a/CHANGES.md b/CHANGES.md
index e63c464283559b18202c5eebde21f3ab37c4db3b..5a16e267c6d434d2411db8ae88cb9dd0d15a7628 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,39 +30,44 @@ OpenSSL 3.5
 
 ### Changes between 3.4 and 3.5 [xx XXX xxxx]
 
-* For TLSv1.3: Add capability for a client to send multiple key shares. Extend the scope of
-  `SSL_OP_CIPHER_SERVER_PREFERENCE` to cover server-side key exchange group selection.
-  Extend the server-side key exchange group selection algorithm and related group list syntax
-  to support multiple group priorities, e.g. to prioritize (hybrid-)KEMs.
+ * Added new API calls to enable 3rd party QUIC stacks to use the OpenSSL TLS
+   implementation.
 
-  *David Kelsey*, *Martin Schmatz*
+   *Matt Caswell*
 
-* A new random generation API has been introduced which modifies all
-  of the L<RAND_bytes(3)> family of calls so they are routed through a
-  specific named provider instead of being resolved via the normal DRBG
-  chaining.  In a future OpenSSL release, this will obsolete RAND_METHOD.
+ * For TLSv1.3: Add capability for a client to send multiple key shares. Extend the scope of
+   `SSL_OP_CIPHER_SERVER_PREFERENCE` to cover server-side key exchange group selection.
+   Extend the server-side key exchange group selection algorithm and related group list syntax
+   to support multiple group priorities, e.g. to prioritize (hybrid-)KEMs.
 
-  *Dr Paul Dale*
+   *David Kelsey*, *Martin Schmatz*
 
-* New inline functions were added to support loads and stores of unsigned
-  16-bit, 32-bit and 64-bit integers in either little-endian or big-endian
-  form, regardless of the host byte-order.  See the `OPENSSL_load_u16_le(3)`
-  manpage for details.
+ * A new random generation API has been introduced which modifies all
+   of the L<RAND_bytes(3)> family of calls so they are routed through a
+   specific named provider instead of being resolved via the normal DRBG
+   chaining.  In a future OpenSSL release, this will obsolete RAND_METHOD.
 
-  *Viktor Dukhovni*
+   *Dr Paul Dale*
 
-* All the BIO_meth_get_*() functions allowing reuse of the internal OpenSSL
-  BIO method implementations were deprecated. The reuse is unsafe due to
-  dependency on the code of the internal methods not changing.
+ * New inline functions were added to support loads and stores of unsigned
+   16-bit, 32-bit and 64-bit integers in either little-endian or big-endian
+   form, regardless of the host byte-order.  See the `OPENSSL_load_u16_le(3)`
+   manpage for details.
 
-  *Tomáš Mráz*
+   *Viktor Dukhovni*
+
+ * All the BIO_meth_get_*() functions allowing reuse of the internal OpenSSL
+   BIO method implementations were deprecated. The reuse is unsafe due to
+   dependency on the code of the internal methods not changing.
+
+   *Tomáš Mráz*
 
-* Support DEFAULT keyword and '-' prefix in SSL_CTX_set1_groups_list().
-  SSL_CTX_set1_groups_list() now supports the DEFAULT keyword which sets the
-  available groups to the default selection. The '-' prefix allows the calling
-  application to remove a group from the selection.
+ * Support DEFAULT keyword and '-' prefix in SSL_CTX_set1_groups_list().
+   SSL_CTX_set1_groups_list() now supports the DEFAULT keyword which sets the
+   available groups to the default selection. The '-' prefix allows the calling
+   application to remove a group from the selection.
 
-  *Frederik Wedel-Heinen*
+   *Frederik Wedel-Heinen*
 
  * Updated the default encryption cipher for the `req`, `cms`, and `smime` applications
    from `des-ede3-cbc` to `aes-256-cbc`.