changes entry about non-approved FIPS algorithms

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20079)
author: Pauli <pauli@openssl.org> 2023-01-20 10:26:45 +1100
committer: Hugo Landau <hlandau@openssl.org> 2023-01-24 12:35:37 +0000
commit: d4e105f6d53002ebaac2caf0c723bbf734f4a21a (patch)
tree: ee990f8060d02f6c3659713d8163fa8467b49388 /CHANGES.md
parent: 8948b5749410084ed1dfabf17a90df65efcf0f82 (diff)
download: openssl-new-d4e105f6d53002ebaac2caf0c723bbf734f4a21a.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index d7274e4b9b..b616638e48 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -209,6 +209,14 @@ OpenSSL 3.1
 
 ### Changes between 3.0 and 3.1.0 [xx XXX xxxx]
 
+ * The FIPS provider includes a few non-approved algorithms for
+   backward compatibility purposes and the "fips=yes" property query
+   must be used for all algorithm fetches to ensure FIPS compliance.
+
+   The algorithms that are included but not approved are Triple DES and EdDSA.
+
+   *Paul Dale*
+
  * Added support for KMAC in KBKDF.
 
    *Shane Lontis*
author	Pauli <pauli@openssl.org>	2023-01-20 10:26:45 +1100
committer	Hugo Landau <hlandau@openssl.org>	2023-01-24 12:35:37 +0000
commit	d4e105f6d53002ebaac2caf0c723bbf734f4a21a (patch)
tree	ee990f8060d02f6c3659713d8163fa8467b49388 /CHANGES.md
parent	8948b5749410084ed1dfabf17a90df65efcf0f82 (diff)
download	openssl-new-d4e105f6d53002ebaac2caf0c723bbf734f4a21a.tar.gz