From: Eugene Syromiatnikov <esyr@openssl.org>
Date: Thu, 11 Sep 2025 14:59:55 +0000 (+0200)
Subject: CHANGES.md, NEWS.md: update for 3.6.0-beta1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4732ce799c9115d87bb49f0478044cfe250e897d;p=thirdparty%2Fopenssl.git

CHANGES.md, NEWS.md: update for 3.6.0-beta1

CHANGES.md:
 * https://github.com/openssl/openssl/pull/28398
 * https://github.com/openssl/openssl/pull/28411
 * https://github.com/openssl/openssl/pull/28447
 * https://github.com/openssl/openssl/pull/28449

NEWS.md:
 * https://github.com/openssl/openssl/pull/28447

Release: yes
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28547)
---

diff --git a/CHANGES.md b/CHANGES.md
index a9a7f760315..7b7222bb1a0 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -59,6 +59,20 @@ OpenSSL 3.6
 
    *Viktor Dukhovni*
 
+ * Secure memory allocation calls are no longer used for HMAC keys.
+
+   *Dr Paul Dale*
+
+ * `openssl req` no longer generates certificates with an empty extension list
+   when SKID/AKID are set to `none` during generation
+
+   *David Benjamin*
+
+ * The man page date is now derived from the release date provided
+   in `VERSION.dat` and not the current date for the released builds.
+
+   *Enji Cooper*
+
  * Added support for `EVP_SKEY` opaque symmetric key objects to the key
    derivation and key exchange provider methods. Added `EVP_KDF_CTX_set_SKEY()`,
    `EVP_KDF_derive_SKEY()`, and `EVP_PKEY_derive_SKEY()` functions.
@@ -149,11 +163,6 @@ OpenSSL 3.6
 
    *Dr Paul Dale*
 
- * The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
-   This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
-
-   *Dr Paul Dale*
-
  * Introduce `SSL_OP_SERVER_PREFERENCE` superceding misleadingly
    named `SSL_OP_CIPHER_SERVER_PREFERENCE`.
 
diff --git a/NEWS.md b/NEWS.md
index 3c6eaf39adf..1a8160ab1ca 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -47,9 +47,6 @@ changes:
     derivation and key exchange provider methods. Added `EVP_KDF_CTX_set_SKEY()`,
     `EVP_KDF_derive_SKEY()`, and `EVP_PKEY_derive_SKEY()` functions.
 
-  * The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
-    This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
-
   * Added LMS signature verification support as per [SP 800-208]. This
     support is present in both the FIPS and default providers.