### Changes between 3.5 and 3.6 [xx XXX xxxx]
+ * Secure memory allocation calls are no longer used for HMAC keys.
+
+ *Dr Paul Dale*
+
+ * `openssl req` no longer generates certificates with an empty extension list
+ when SKID/AKID are set to `none` during generation
+
+ *David Benjamin*
+
+ * The man page date is now derived from the release date provided
+ in `VERSION.dat` and not the current date for the released builds.
+
+ *Enji Cooper*
+
* Added support for `EVP_SKEY` opaque symmetric key objects to the key
derivation and key exchange provider methods. Added `EVP_KDF_CTX_set_SKEY()`,
`EVP_KDF_derive_SKEY()`, and `EVP_PKEY_derive_SKEY()` functions.
*Dr Paul Dale*
- * The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
- This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
-
- *Dr Paul Dale*
-
* Introduce `SSL_OP_SERVER_PREFERENCE` superceding misleadingly
named `SSL_OP_CIPHER_SERVER_PREFERENCE`.
derivation and key exchange provider methods. Added `EVP_KDF_CTX_set_SKEY()`,
`EVP_KDF_derive_SKEY()`, and `EVP_PKEY_derive_SKEY()` functions.
- * The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
- This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
-
* Added LMS signature verification support as per [SP 800-208]. This
support is present in both the FIPS and default providers.
projects / thirdparty / openssl.git / commitdiff
