Allow 'null' cipher and appropriate Kerberos ciphersuites in FIPS mode.

diff --git a/crypto/evp/e_null.c b/crypto/evp/e_null.c
index 2420d7e5af806ec6c81fbf9c1fb091fa96b6dfcd..a84b0f14b1a77bc6faf979ab51767af5bcc3406c 100644 (file)
--- a/crypto/evp/e_null.c
+++ b/crypto/evp/e_null.c
@@ -69,7 +69,7 @@ static const EVP_CIPHER n_cipher=
        {
        NID_undef,
        1,0,0,
-       0,
+       EVP_CIPH_FLAG_FIPS,
        null_init_key,
        null_cipher,
        NULL,

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 0cded81b14bec21364ff563aeffec5d4eb3fc801..9bf1dbec066acca9abbd4226ee6e524f7cc42d55 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -541,7 +541,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL3_TXT_KRB5_DES_64_CBC_SHA,
        SSL3_CK_KRB5_DES_64_CBC_SHA,
        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
-       SSL_NOT_EXP|SSL_LOW,
+       SSL_NOT_EXP|SSL_LOW|SSL_FIPS,
        0,
        56,
        56,
@@ -555,7 +555,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL3_TXT_KRB5_DES_192_CBC3_SHA,
        SSL3_CK_KRB5_DES_192_CBC3_SHA,
        SSL_kKRB5|SSL_aKRB5|  SSL_3DES|SSL_SHA1  |SSL_SSLV3,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        0,
        112,
        168,
@@ -653,7 +653,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL3_TXT_KRB5_DES_40_CBC_SHA,
        SSL3_CK_KRB5_DES_40_CBC_SHA,
        SSL_kKRB5|SSL_aKRB5|  SSL_DES|SSL_SHA1   |SSL_SSLV3,
-       SSL_EXPORT|SSL_EXP40,
+       SSL_EXPORT|SSL_EXP40|SSL_FIPS,
        0,
        40,
        56,