Update NEWS and CHANGES

NEWS and CHANGES hasn't mentioned OPENSSL_CTX before, so adding entries now.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12228)

CHANGES.md

@@ -23,6 +23,28 @@ OpenSSL 3.0
 
 ### Changes between 1.1.1 and 3.0 [xx XXX xxxx]
 
+ * Added a library context that applications as well as other
+   libraries can use to form a separate context within which libcrypto
+   operations are performed.
+
+   There are two ways this can be used:
+
+   - Directly, by passing a library context to functions that take
+     such an argument, such as `EVP_CIPHER_fetch` and similar algorithm
+     fetching functions.
+   - Indirectly, by creating a new library context and then assigning
+     it as the new default, with `OPENSSL_CTX_set0_default`.
+
+   All public OpenSSL functions that take an `OPENSSL_CTX` pointer,
+   apart from the functions directly related to `OPENSSL_CTX`, accept
+   NULL to indicate that the default library context should be used.
+
+   Library code that changes the default library context using
+   `OPENSSL_CTX_set0_default` should take care to restore it with a
+   second call before returning to the caller.
+
+   *Richard Levitte*
+
  * Handshake now fails if Extended Master Secret extension is dropped
    on renegotiation.
 

NEWS.md

@@ -20,6 +20,7 @@ OpenSSL 3.0
 
 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development]
 
+  * Added `OPENSSL_CTX`, a libcrypto library context.
   * Interactive mode is removed from the 'openssl' program.
   * The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in
     the FIPS provider.  None have the "fips=yes" property set and, as such,