From d4e105f6d53002ebaac2caf0c723bbf734f4a21a Mon Sep 17 00:00:00 2001
From: Pauli <pauli@openssl.org>
Date: Fri, 20 Jan 2023 10:26:45 +1100
Subject: [PATCH] changes entry about non-approved FIPS algorithms

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20079)
---
 CHANGES.md | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/CHANGES.md b/CHANGES.md
index d7274e4b9b7..b616638e489 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -209,6 +209,14 @@ OpenSSL 3.1
 
 ### Changes between 3.0 and 3.1.0 [xx XXX xxxx]
 
+ * The FIPS provider includes a few non-approved algorithms for
+   backward compatibility purposes and the "fips=yes" property query
+   must be used for all algorithm fetches to ensure FIPS compliance.
+
+   The algorithms that are included but not approved are Triple DES and EdDSA.
+
+   *Paul Dale*
+
  * Added support for KMAC in KBKDF.
 
    *Shane Lontis*
-- 
2.47.2