Commit 35d09a5f94 for openssl.org
commit 35d09a5f940360f0f8f000e61948c06bf31e4e3a
Author: Eugene Syromiatnikov <esyr@openssl.org>
Date: Tue Mar 10 10:36:55 2026 +0100
Move the FIPS PKCS5_PBKDF2_HMAC limits description from NEWS.md to CHANGES.md
Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Nikola Pajkovsky <nikolap@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Mar 10 13:39:25 2026
(Merged from https://github.com/openssl/openssl/pull/30338)
diff --git a/CHANGES.md b/CHANGES.md
index 6486bd50d0..45a925457c 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -180,6 +180,18 @@ OpenSSL Releases
* Lower bounds checks are now enforced when using `PKCS5_PBKDF2_HMAC` API
with FIPS provider.
+ When using the FIPS provider via the `PKCS5_PBKDF2_HMAC` API,
+ password protected encrypted files will now have lower bounds
+ checks (minimum iteration count, minimum password length, salt
+ size and derived key lengths) enforced by default. Prior to
+ upgrading to this version, users may want to check if their
+ password protected key–stores are encrypted using short passwords,
+ salts, low iteration counts for PBKDF or weaker ciphers. To
+ upgrade to the new defaults one can decrypt the keys with a
+ previous OpenSSL version or the default provider, and then
+ re-encrypt them with the newer OpenSSL (using the FIPS provider),
+ thus upgrading to longer password, salt length and AES-256 CBC.
+
*Dimitri John Ledkov*
* Added support for using either static or dynamic VC runtime linkage
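Review bot: The added paragraph names the enforced checks (minimum iteration count, minimum password length, salt size and derived key lengths) but states none of the actual minimum values, so a reader cannot tell from CHANGES.md whether an existing key store would fall below them. Consider giving the limits or pointing to where they are documented. The upgrade advice also mentions "weaker ciphers" and "AES-256 CBC", which are not among the four listed checks; either explain how the cipher choice relates to the new enforcement or drop it from the sentence. Minor: `key–stores` carries an en dash over from the NEWS.md text, and the first sentence of the paragraph largely repeats the bullet directly above it (`Lower bounds checks are now enforced when using PKCS5_PBKDF2_HMAC API with FIPS provider.`), so the two could be merged.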
diff --git a/NEWS.md b/NEWS.md
index 30c7ceb5b4..98c661c683 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -35,6 +35,9 @@ OpenSSL 4.0
* Added `OPENSSL_sk_set_cmp_thunks()` call to the `STACK_OF` API
+ * Lower bounds checks are now enforced when using `PKCS5_PBKDF2_HMAC` API
+ with FIPS provider.
+
* Removed `c_rehash` script tool. Use `openssl rehash` instead.
* `libcrypto` no longer cleans up globally allocated data via `atexit()`.
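Review bot: The one-line NEWS.md entry added here says only that lower bounds checks are enforced and gives no hint that existing password protected files are affected, while the text it replaces advised users to check their key stores prior to upgrading. Since NEWS.md is where upgraders look first, consider a short trailing clause that names the checked parameters (iteration count, password length, salt size, derived key length) and refers to CHANGES.md for the migration steps.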
@@ -46,18 +49,6 @@ OpenSSL 4.0
* Removed support for the SSLv2 Client Hello.
- * When using the FIPS provider via the `PKCS5_PBKDF2_HMAC` API,
- password protected encrypted files will now have lower bounds
- checks (minimum iteration count, minimum password length, salt
- size and derived key lengths) enforced by default. Prior to
- upgrading to this version, users may want to check if their
- password protected key–stores are encrypted using short passwords,
- salts, low iteration counts for PBKDF or weaker ciphers. To
- upgrade to the new defaults one can decrypt the keys with a
- previous OpenSSL version or the default provider, and then
- re-encrypt them with the newer OpenSSL (using the FIPS provider),
- thus upgrading to longer password, salt length and AES-256 CBC.
-
OpenSSL 3.6
-----------
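Review bot: This removal takes the bullet out of the `OpenSSL 4.0` section of NEWS.md, but the CHANGES.md hunk header shows only `OpenSSL Releases` as context, so the diff does not show which release section line 180 of CHANGES.md belongs to. Worth confirming that the moved paragraph lands under the 4.0 changes. The removed lines match the lines added to CHANGES.md apart from the leading bullet marker, so the wording points raised on that hunk apply to the text as moved.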