changes entry about non-approved FIPS algorithms

author Pauli <pauli@openssl.org>

Thu, 19 Jan 2023 23:26:45 +0000 (10:26 +1100)

committer Hugo Landau <hlandau@openssl.org>

Tue, 24 Jan 2023 12:35:37 +0000 (12:35 +0000)
author Pauli <pauli@openssl.org>
Thu, 19 Jan 2023 23:26:45 +0000 (10:26 +1100)
committer Hugo Landau <hlandau@openssl.org>
Tue, 24 Jan 2023 12:35:37 +0000 (12:35 +0000)
diff --git a/CHANGES.md b/CHANGES.md

index d7274e4b9b797f1cad195524f4c19ad1d6df0393..b616638e4898fa0fd88e413835c5e9dc7e3e055e 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -209,6 +209,14 @@ OpenSSL 3.1
  
  ### Changes between 3.0 and 3.1.0 [xx XXX xxxx]
  
+ * The FIPS provider includes a few non-approved algorithms for
+   backward compatibility purposes and the "fips=yes" property query
+   must be used for all algorithm fetches to ensure FIPS compliance.
+
+   The algorithms that are included but not approved are Triple DES and EdDSA.
+
+   *Paul Dale*
+
   * Added support for KMAC in KBKDF.
  
     *Shane Lontis*
author	Pauli <pauli@openssl.org>
	Thu, 19 Jan 2023 23:26:45 +0000 (10:26 +1100)
committer	Hugo Landau <hlandau@openssl.org>
	Tue, 24 Jan 2023 12:35:37 +0000 (12:35 +0000)