author | 2015-07-17 15:50:37 +0000 | |
---|---|---|
committer | 2015-07-17 15:50:37 +0000 | |
commit | 0d55bee678f24ce81421e92398ef94cda0e35277 (patch) | |
tree | 529afb39a365297a7bf1adc0e7142eb3cab6a012 /lib/libssl/t1_lib.c | |
parent | Consistently use SEL_RPL as the mask when testing selector privilege level (diff) | |
Remove compat hack that disabled ECDHE-ECDSA on OS X.
For a few old releases, ECDHE-ECDSA was broken on OS X. This option
cannot differentiate between working and broken OS X so it disabled
ECDHE-ECDSA support on all OS X >= 10.6. 10.8-10.8.3 were the faulty
releases but these are no longer relevant. Tested on OS X 10.10 by jsing.
ok jsing@
Diffstat (limited to 'lib/libssl/t1_lib.c')
-rw-r--r-- | lib/libssl/t1_lib.c | 86 |
1 files changed, 1 insertions, 85 deletions
diff --git a/lib/libssl/t1_lib.c b/lib/libssl/t1_lib.c
index e901a901da7..b0f0de3bd8b 100644
--- a/lib/libssl/t1_lib.c
+++ b/lib/libssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.78 2015/06/19 01:38:54 doug Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.79 2015/07/17 15:50:37 doug Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1204,87 +1204,6 @@ parse_error:
 return (0);
 }
 
-/* ssl_check_for_safari attempts to fingerprint Safari using OS X
- * SecureTransport using the TLS extension block in |d|, of length |n|.
- * Safari, since 10.6, sends exactly these extensions, in this order:
- * SNI,
- * elliptic_curves
- * ec_point_formats
- *
- * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
- * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
- * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
- * 10.8..10.8.3 (which don't work).
- */
-static void
-ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d,
- int n)
-{
- unsigned short type, size;
- static const unsigned char kSafariExtensionsBlock[] = {
- 0x00, 0x0a, /* elliptic_curves extension */
- 0x00, 0x08, /* 8 bytes */
- 0x00, 0x06, /* 6 bytes of curve ids */
- 0x00, 0x17, /* P-256 */
- 0x00, 0x18, /* P-384 */
- 0x00, 0x19, /* P-521 */
-
- 0x00, 0x0b, /* ec_point_formats */
- 0x00, 0x02, /* 2 bytes */
- 0x01, /* 1 point format */
- 0x00, /* uncompressed */
- };
-
- /* The following is only present in TLS 1.2 */
- static const unsigned char kSafariTLS12ExtensionsBlock[] = {
- 0x00, 0x0d, /* signature_algorithms */
- 0x00, 0x0c, /* 12 bytes */
- 0x00, 0x0a, /* 10 bytes */
- 0x05, 0x01, /* SHA-384/RSA */
- 0x04, 0x01, /* SHA-256/RSA */
- 0x02, 0x01, /* SHA-1/RSA */
- 0x04, 0x03, /* SHA-256/ECDSA */
- 0x02, 0x03, /* SHA-1/ECDSA */
- };
-
- if (data >= (d + n - 2))
- return;
- data += 2;
-
- if (data > (d + n - 4))
- return;
- n2s(data, type);
- n2s(data, size);
-
- if (type != TLSEXT_TYPE_server_name)
- return;
-
- if (data + size > d + n)
- return;
- data += size;
-
- if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
- const size_t len1 = sizeof(kSafariExtensionsBlock);
- const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
-
- if (data + len1 + len2 != d + n)
- return;
- if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
- return;
- if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0)
- return;
- } else {
- const size_t len = sizeof(kSafariExtensionsBlock);
-
- if (data + len != d + n)
- return;
- if (memcmp(data, kSafariExtensionsBlock, len) != 0)
- return;
- }
-
- s->s3->is_probably_safari = 1;
-}
-
 int
 ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
 int n, int *al)
@@ -1302,9 +1221,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
 free(s->s3->alpn_selected);
 s->s3->alpn_selected = NULL;
 
- if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
- ssl_check_for_safari(s, data, d, n);
-
 if (data >= (d + n - 2))
 goto ri_check;
 n2s(data, len); |