From: Pauli <pauli@openssl.org>
Date: Thu, 19 Jan 2023 23:26:45 +0000 (+1100)
Subject: changes entry about non-approved FIPS algorithms
X-Git-Tag: openssl-3.2.0-alpha1~1402
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d4e105f6d53002ebaac2caf0c723bbf734f4a21a;p=thirdparty%2Fopenssl.git

changes entry about non-approved FIPS algorithms

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20079)
---

diff --git a/CHANGES.md b/CHANGES.md
index d7274e4b9b7..b616638e489 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -209,6 +209,14 @@ OpenSSL 3.1
 
 ### Changes between 3.0 and 3.1.0 [xx XXX xxxx]
 
+ * The FIPS provider includes a few non-approved algorithms for
+   backward compatibility purposes and the "fips=yes" property query
+   must be used for all algorithm fetches to ensure FIPS compliance.
+
+   The algorithms that are included but not approved are Triple DES and EdDSA.
+
+   *Paul Dale*
+
  * Added support for KMAC in KBKDF.
 
    *Shane Lontis*