changes entry about non-approved FIPS algorithms

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20079) (cherry picked from commit d4e105f6d53002ebaac2caf0c723bbf734f4a21a)
author: Pauli <pauli@openssl.org> 2023-01-20 10:26:45 +1100
committer: Hugo Landau <hlandau@openssl.org> 2023-01-24 12:37:40 +0000
commit: d702d0144f8e1cead044d22ac1507043f8eac038 (patch)
tree: 1b26c34fa5abde1d650080e0b00e606f9b88634d /CHANGES.md
parent: 6f09571af0e1f2ed654730669113ed76500ed3c8 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md
index b8735b3d4e..387551d422 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -24,6 +24,14 @@ OpenSSL 3.1
 
 ### Changes between 3.0 and 3.1.0 [xx XXX xxxx]
 
+ * The FIPS provider includes a few non-approved algorithms for
+   backward compatibility purposes and the "fips=yes" property query
+   must be used for all algorithm fetches to ensure FIPS compliance.
+
+   The algorithms that are included but not approved are Triple DES and EdDSA.
+
+   *Paul Dale*
+
  * Added support for KMAC in KBKDF.
 
    *Shane Lontis*
author	Pauli <pauli@openssl.org>	2023-01-20 10:26:45 +1100
committer	Hugo Landau <hlandau@openssl.org>	2023-01-24 12:37:40 +0000
commit	d702d0144f8e1cead044d22ac1507043f8eac038 (patch)
tree	1b26c34fa5abde1d650080e0b00e606f9b88634d /CHANGES.md
parent	6f09571af0e1f2ed654730669113ed76500ed3c8 (diff)