From: Dr. Stephen Henson <steve@openssl.org>
Date: Wed, 6 Nov 2013 14:38:28 +0000 (+0000)
Subject: Enable PSK in FIPS mode.
X-Git-Tag: OpenSSL_1_0_1f~29
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=ddfe486e4c4869ac73fd8556cb6c64324c86621d;p=oweals%2Fopenssl.git

Enable PSK in FIPS mode.

Enable PSK ciphersuites with AES or DES3 in FIPS mode.
(cherry picked from commit e0ffd129c16af90eb5e2ce54e57832c0046d1aaf)
---

diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index 86a8bc56a7..bf832bb6cc 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1683,7 +1683,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_3DES,
 	SSL_SHA1,
 	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
+	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 	168,
 	168,
@@ -1699,7 +1699,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_AES128,
 	SSL_SHA1,
 	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
+	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 	128,
 	128,
@@ -1715,7 +1715,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
 	SSL_AES256,
 	SSL_SHA1,
 	SSL_TLSV1,
-	SSL_NOT_EXP|SSL_HIGH,
+	SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
 	SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
 	256,
 	256,