changes: add note about PCT on key import to the FIPS provider

This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28122)

diff --git a/CHANGES.md b/CHANGES.md
index d3437a5e4dea5924ef5249c90ed7252a6fbd6282..bb5be066a4a64971d39b7faddadddf5c329564ca 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -31,6 +31,11 @@ OpenSSL 3.6
 
 ### Changes between 3.5 and 3.6 [xx XXX xxxx]
 
+ * The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
+   This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
+
+   *Dr Paul Dale*
+
  * Introduce SSL_OP_SERVER_PREFERENCE superceding misleadingly
    named SSL_OP_CIPHER_SERVER_PREFERENCE.