Set SSL_FIPS flag in ECC ciphersuites.
authorDr. Stephen Henson <steve@openssl.org>
Mon, 6 Jun 2011 14:14:41 +0000 (14:14 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 6 Jun 2011 14:14:41 +0000 (14:14 +0000)
ssl/s3_lib.c

index 028e996..8327756 100644 (file)
@@ -1834,7 +1834,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_eNULL,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_STRONG_NONE,
+       SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
@@ -1866,7 +1866,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_3DES,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
@@ -1882,7 +1882,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES128,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
@@ -1898,7 +1898,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES256,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
@@ -1914,7 +1914,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_eNULL,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_STRONG_NONE,
+       SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
@@ -1946,7 +1946,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_3DES,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
@@ -1962,7 +1962,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES128,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
@@ -1978,7 +1978,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES256,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
@@ -1994,7 +1994,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_eNULL,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_STRONG_NONE,
+       SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
@@ -2026,7 +2026,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_3DES,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
@@ -2042,7 +2042,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES128,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
@@ -2058,7 +2058,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES256,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
@@ -2074,7 +2074,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_eNULL,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_STRONG_NONE,
+       SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
@@ -2106,7 +2106,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_3DES,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
@@ -2122,7 +2122,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES128,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
@@ -2138,7 +2138,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES256,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,
@@ -2154,7 +2154,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_eNULL,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_STRONG_NONE,
+       SSL_NOT_EXP|SSL_STRONG_NONE|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        0,
        0,
@@ -2186,7 +2186,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_3DES,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        168,
        168,
@@ -2202,7 +2202,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES128,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        128,
        128,
@@ -2218,7 +2218,7 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={
        SSL_AES256,
        SSL_SHA1,
        SSL_TLSV1,
-       SSL_NOT_EXP|SSL_HIGH,
+       SSL_NOT_EXP|SSL_HIGH|SSL_FIPS,
        SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
        256,
        256,