From: Pauli <paul.dale@oracle.com>
Date: Wed, 15 Apr 2020 21:55:17 +0000 (+1000)
Subject: news: note the addition of ECX and SHAKE256 to the FIPS provider as non-approved... 
X-Git-Tag: openssl-3.0.0-alpha1~79
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=19985ac42cab57bf55acb626aebfdc1194771b76;p=oweals%2Fopenssl.git

news: note the addition of ECX and SHAKE256 to the FIPS provider as non-approved algorithms

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11371)
---

diff --git a/NEWS.md b/NEWS.md
index 9f29a59323..9f18f416f8 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -21,6 +21,9 @@ OpenSSL 3.0
 
 ### Major changes between OpenSSL 1.1.1 and OpenSSL 3.0 [under development] ###
 
+  * The X25519, X448, Ed25519, Ed448 and SHAKE256 algorithms are included in
+    the FIPS provider.  None have the "fips=yes" property set and, as such,
+    will not be accidentially used.
   * The algorithm specific public key command line applications have
     been deprecated.  These include dhparam, gendsa and others.  The pkey
     alternatives should be used intead: pkey, pkeyparam and genpkey.