Dev news

Commit 4732ce799c for openssl.org

commit 4732ce799c9115d87bb49f0478044cfe250e897d
Author: Eugene Syromiatnikov <esyr@openssl.org>
Date:   Thu Sep 11 16:59:55 2025 +0200

    CHANGES.md, NEWS.md: update for 3.6.0-beta1

    CHANGES.md:
     * https://github.com/openssl/openssl/pull/28398
     * https://github.com/openssl/openssl/pull/28411
     * https://github.com/openssl/openssl/pull/28447
     * https://github.com/openssl/openssl/pull/28449

    NEWS.md:
     * https://github.com/openssl/openssl/pull/28447

    Release: yes
    Signed-off-by: Eugene Syromiatnikov <esyr@openssl.org>

    Reviewed-by: Neil Horman <nhorman@openssl.org>
    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/28547)

diff --git a/CHANGES.md b/CHANGES.md
index a9a7f76031..7b7222bb1a 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -59,6 +59,20 @@ OpenSSL 3.6

    *Viktor Dukhovni*

+ * Secure memory allocation calls are no longer used for HMAC keys.
+
+   *Dr Paul Dale*
+
+ * `openssl req` no longer generates certificates with an empty extension list
+   when SKID/AKID are set to `none` during generation
+
+   *David Benjamin*
+
+ * The man page date is now derived from the release date provided
+   in `VERSION.dat` and not the current date for the released builds.
+
+   *Enji Cooper*
+
  * Added support for `EVP_SKEY` opaque symmetric key objects to the key
    derivation and key exchange provider methods. Added `EVP_KDF_CTX_set_SKEY()`,
    `EVP_KDF_derive_SKEY()`, and `EVP_PKEY_derive_SKEY()` functions.
@@ -149,11 +163,6 @@ OpenSSL 3.6

    *Dr Paul Dale*

- * The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
-   This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
-
-   *Dr Paul Dale*
-
  * Introduce `SSL_OP_SERVER_PREFERENCE` superceding misleadingly
    named `SSL_OP_CIPHER_SERVER_PREFERENCE`.

diff --git a/NEWS.md b/NEWS.md
index 3c6eaf39ad..1a8160ab1c 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -47,9 +47,6 @@ changes:
     derivation and key exchange provider methods. Added `EVP_KDF_CTX_set_SKEY()`,
     `EVP_KDF_derive_SKEY()`, and `EVP_PKEY_derive_SKEY()` functions.

-  * The FIPS provider now performs a PCT on key import for RSA, EC and ECX.
-    This is mandated by FIPS 140-3 IG 10.3.A additional comment 1.
-
   * Added LMS signature verification support as per [SP 800-208]. This
     support is present in both the FIPS and default providers.