changes entry about non-approved FIPS algorithms

author Pauli <pauli@openssl.org>

Thu, 19 Jan 2023 23:26:45 +0000 (10:26 +1100)

committer Hugo Landau <hlandau@openssl.org>

Tue, 24 Jan 2023 12:37:40 +0000 (12:37 +0000)
author Pauli <pauli@openssl.org>
Thu, 19 Jan 2023 23:26:45 +0000 (10:26 +1100)
committer Hugo Landau <hlandau@openssl.org>
Tue, 24 Jan 2023 12:37:40 +0000 (12:37 +0000)
diff --git a/CHANGES.md b/CHANGES.md

index b8735b3d4ed5c657b62750f73863185bd4d248af..387551d4225579600b52d24970ebd2285fdb2bdf 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -24,6 +24,14 @@ OpenSSL 3.1
  
  ### Changes between 3.0 and 3.1.0 [xx XXX xxxx]
  
+ * The FIPS provider includes a few non-approved algorithms for
+   backward compatibility purposes and the "fips=yes" property query
+   must be used for all algorithm fetches to ensure FIPS compliance.
+
+   The algorithms that are included but not approved are Triple DES and EdDSA.
+
+   *Paul Dale*
+
   * Added support for KMAC in KBKDF.
  
     *Shane Lontis*
author	Pauli <pauli@openssl.org>
	Thu, 19 Jan 2023 23:26:45 +0000 (10:26 +1100)
committer	Hugo Landau <hlandau@openssl.org>
	Tue, 24 Jan 2023 12:37:40 +0000 (12:37 +0000)