From: Eugene Syromiatnikov <esyr@openssl.org>
Date: Thu, 11 Sep 2025 14:59:55 +0000 (+0200)
Subject: CHANGES.md, NEWS.md: update for 3.6.0-beta1
X-Git-Tag: openssl-3.6.0-beta1~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c51691b1a34ef3a465def736f69f80c4d9f68f0f;p=thirdparty%2Fopenssl.git

CHANGES.md, NEWS.md: update for 3.6.0-beta1

CHANGES.md:
 * https://github.com/openssl/openssl/pull/28398
 * https://github.com/openssl/openssl/pull/28411
 * https://github.com/openssl/openssl/pull/28447
 * https://github.com/openssl/openssl/pull/28449

NEWS.md:
 * https://github.com/openssl/openssl/pull/28447

Release: yes
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28521)
---

diff --git a/CHANGES.md b/CHANGES.md
index 098cba363bc..818a1f16cdd 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -31,6 +31,20 @@ OpenSSL 3.6
 
 ### Changes between 3.5 and 3.6 [xx XXX xxxx]
 
+ * Secure memory allocation calls are no longer used for HMAC keys.
+
+   *Dr Paul Dale*
+
+ * `openssl req` no longer generates certificates with an empty extension list
+   when SKID/AKID are set to `none` during generation
+
+   *David Benjamin*
+
+ * The man page date is now derived from the release date provided
+   in `VERSION.dat` and not the current date for the released builds.
+
+   *Enji Cooper*
+
  * Added support for `EVP_SKEY` opaque symmetric key objects to the key
    derivation and key exchange provider methods. Added `EVP_KDF_CTX_set_SKEY()`,
    `EVP_KDF_derive_SKEY()`, and `EVP_PKEY_derive_SKEY()` functions.
@@ -121,11 +135,6 @@ OpenSSL 3.6
 
    *Dr Paul Dale*
 
- * The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
-   This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
-
-   *Dr Paul Dale*
-
  * Introduce `SSL_OP_SERVER_PREFERENCE` superceding misleadingly
    named `SSL_OP_CIPHER_SERVER_PREFERENCE`.
 
diff --git a/NEWS.md b/NEWS.md
index ecb6b051fda..8950da4dd6b 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -39,9 +39,6 @@ changes:
     derivation and key exchange provider methods. Added `EVP_KDF_CTX_set_SKEY()`,
     `EVP_KDF_derive_SKEY()`, and `EVP_PKEY_derive_SKEY()` functions.
 
-  * The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
-    This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
-
   * Added LMS signature verification support as per [SP 800-208]. This
     support is present in both the FIPS and default providers.