diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/doc/SSL_CTX_set_options.3 | 7 | ||||
| -rw-r--r-- | src/lib/libssl/s3_lib.c | 10 | ||||
| -rw-r--r-- | src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 | 7 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/s3_lib.c | 10 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl.h | 5 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/ssl3.h | 9 | ||||
| -rw-r--r-- | src/lib/libssl/src/ssl/t1_lib.c | 86 | ||||
| -rw-r--r-- | src/lib/libssl/ssl.h | 5 | ||||
| -rw-r--r-- | src/lib/libssl/ssl3.h | 9 | ||||
| -rw-r--r-- | src/lib/libssl/t1_lib.c | 86 |
10 files changed, 26 insertions, 208 deletions
diff --git a/src/lib/libssl/doc/SSL_CTX_set_options.3 b/src/lib/libssl/doc/SSL_CTX_set_options.3 index 922522a33c..91a1c9ad92 100644 --- a/src/lib/libssl/doc/SSL_CTX_set_options.3 +++ b/src/lib/libssl/doc/SSL_CTX_set_options.3 | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | .\" | 1 | .\" |
| 2 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.7 2015/07/17 07:04:40 doug Exp $ | 2 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.8 2015/07/17 15:50:37 doug Exp $ |
| 3 | .\" | 3 | .\" |
| 4 | .Dd $Mdocdate: July 17 2015 $ | 4 | .Dd $Mdocdate: July 17 2015 $ |
| 5 | .Dt SSL_CTX_SET_OPTIONS 3 | 5 | .Dt SSL_CTX_SET_OPTIONS 3 |
| @@ -116,8 +116,9 @@ this option has no effect. | |||
| 116 | .It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | 116 | .It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER |
| 117 | \&... | 117 | \&... |
| 118 | .It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG | 118 | .It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG |
| 119 | Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. | 119 | As of |
| 120 | OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. | 120 | .Ox 5.8 , |
| 121 | this option has no effect. | ||
| 121 | .It Dv SSL_OP_SSLEAY_080_CLIENT_DH_BUG | 122 | .It Dv SSL_OP_SSLEAY_080_CLIENT_DH_BUG |
| 122 | As of | 123 | As of |
| 123 | .Ox 5.8 , | 124 | .Ox 5.8 , |
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index c838409bf7..9167257546 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.97 2015/07/14 05:20:46 doug Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.98 2015/07/17 15:50:37 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2087,8 +2087,6 @@ ssl3_clear(SSL *s) | |||
| 2087 | EC_KEY_free(s->s3->tmp.ecdh); | 2087 | EC_KEY_free(s->s3->tmp.ecdh); |
| 2088 | s->s3->tmp.ecdh = NULL; | 2088 | s->s3->tmp.ecdh = NULL; |
| 2089 | 2089 | ||
| 2090 | s->s3->is_probably_safari = 0; | ||
| 2091 | |||
| 2092 | rp = s->s3->rbuf.buf; | 2090 | rp = s->s3->rbuf.buf; |
| 2093 | wp = s->s3->wbuf.buf; | 2091 | wp = s->s3->wbuf.buf; |
| 2094 | rlen = s->s3->rbuf.len; | 2092 | rlen = s->s3->rbuf.len; |
| @@ -2618,12 +2616,6 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | |||
| 2618 | continue; | 2616 | continue; |
| 2619 | ii = sk_SSL_CIPHER_find(allow, c); | 2617 | ii = sk_SSL_CIPHER_find(allow, c); |
| 2620 | if (ii >= 0) { | 2618 | if (ii >= 0) { |
| 2621 | if ((alg_k & SSL_kECDHE) && | ||
| 2622 | (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { | ||
| 2623 | if (!ret) | ||
| 2624 | ret = sk_SSL_CIPHER_value(allow, ii); | ||
| 2625 | continue; | ||
| 2626 | } | ||
| 2627 | ret = sk_SSL_CIPHER_value(allow, ii); | 2619 | ret = sk_SSL_CIPHER_value(allow, ii); |
| 2628 | break; | 2620 | break; |
| 2629 | } | 2621 | } |
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 index 922522a33c..91a1c9ad92 100644 --- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 +++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | .\" | 1 | .\" |
| 2 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.7 2015/07/17 07:04:40 doug Exp $ | 2 | .\" $OpenBSD: SSL_CTX_set_options.3,v 1.8 2015/07/17 15:50:37 doug Exp $ |
| 3 | .\" | 3 | .\" |
| 4 | .Dd $Mdocdate: July 17 2015 $ | 4 | .Dd $Mdocdate: July 17 2015 $ |
| 5 | .Dt SSL_CTX_SET_OPTIONS 3 | 5 | .Dt SSL_CTX_SET_OPTIONS 3 |
| @@ -116,8 +116,9 @@ this option has no effect. | |||
| 116 | .It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | 116 | .It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER |
| 117 | \&... | 117 | \&... |
| 118 | .It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG | 118 | .It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG |
| 119 | Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X. | 119 | As of |
| 120 | OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers. | 120 | .Ox 5.8 , |
| 121 | this option has no effect. | ||
| 121 | .It Dv SSL_OP_SSLEAY_080_CLIENT_DH_BUG | 122 | .It Dv SSL_OP_SSLEAY_080_CLIENT_DH_BUG |
| 122 | As of | 123 | As of |
| 123 | .Ox 5.8 , | 124 | .Ox 5.8 , |
diff --git a/src/lib/libssl/src/ssl/s3_lib.c b/src/lib/libssl/src/ssl/s3_lib.c index c838409bf7..9167257546 100644 --- a/src/lib/libssl/src/ssl/s3_lib.c +++ b/src/lib/libssl/src/ssl/s3_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: s3_lib.c,v 1.97 2015/07/14 05:20:46 doug Exp $ */ | 1 | /* $OpenBSD: s3_lib.c,v 1.98 2015/07/17 15:50:37 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -2087,8 +2087,6 @@ ssl3_clear(SSL *s) | |||
| 2087 | EC_KEY_free(s->s3->tmp.ecdh); | 2087 | EC_KEY_free(s->s3->tmp.ecdh); |
| 2088 | s->s3->tmp.ecdh = NULL; | 2088 | s->s3->tmp.ecdh = NULL; |
| 2089 | 2089 | ||
| 2090 | s->s3->is_probably_safari = 0; | ||
| 2091 | |||
| 2092 | rp = s->s3->rbuf.buf; | 2090 | rp = s->s3->rbuf.buf; |
| 2093 | wp = s->s3->wbuf.buf; | 2091 | wp = s->s3->wbuf.buf; |
| 2094 | rlen = s->s3->rbuf.len; | 2092 | rlen = s->s3->rbuf.len; |
| @@ -2618,12 +2616,6 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, | |||
| 2618 | continue; | 2616 | continue; |
| 2619 | ii = sk_SSL_CIPHER_find(allow, c); | 2617 | ii = sk_SSL_CIPHER_find(allow, c); |
| 2620 | if (ii >= 0) { | 2618 | if (ii >= 0) { |
| 2621 | if ((alg_k & SSL_kECDHE) && | ||
| 2622 | (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) { | ||
| 2623 | if (!ret) | ||
| 2624 | ret = sk_SSL_CIPHER_value(allow, ii); | ||
| 2625 | continue; | ||
| 2626 | } | ||
| 2627 | ret = sk_SSL_CIPHER_value(allow, ii); | 2619 | ret = sk_SSL_CIPHER_value(allow, ii); |
| 2628 | break; | 2620 | break; |
| 2629 | } | 2621 | } |
diff --git a/src/lib/libssl/src/ssl/ssl.h b/src/lib/libssl/src/ssl/ssl.h index 84154a5176..33aaadcd20 100644 --- a/src/lib/libssl/src/ssl/ssl.h +++ b/src/lib/libssl/src/ssl/ssl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.88 2015/07/17 07:04:41 doug Exp $ */ | 1 | /* $OpenBSD: ssl.h,v 1.89 2015/07/17 15:50:37 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -520,7 +520,6 @@ struct ssl_session_st { | |||
| 520 | #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L | 520 | #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L |
| 521 | #define SSL_OP_TLSEXT_PADDING 0x00000010L | 521 | #define SSL_OP_TLSEXT_PADDING 0x00000010L |
| 522 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L | 522 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L |
| 523 | #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L | ||
| 524 | #define SSL_OP_TLS_D5_BUG 0x00000100L | 523 | #define SSL_OP_TLS_D5_BUG 0x00000100L |
| 525 | 524 | ||
| 526 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added | 525 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added |
| @@ -575,7 +574,6 @@ struct ssl_session_st { | |||
| 575 | (SSL_OP_LEGACY_SERVER_CONNECT | \ | 574 | (SSL_OP_LEGACY_SERVER_CONNECT | \ |
| 576 | SSL_OP_TLSEXT_PADDING | \ | 575 | SSL_OP_TLSEXT_PADDING | \ |
| 577 | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \ | 576 | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \ |
| 578 | SSL_OP_SAFARI_ECDHE_ECDSA_BUG | \ | ||
| 579 | SSL_OP_TLS_D5_BUG | \ | 577 | SSL_OP_TLS_D5_BUG | \ |
| 580 | SSL_OP_CRYPTOPRO_TLSEXT_BUG) | 578 | SSL_OP_CRYPTOPRO_TLSEXT_BUG) |
| 581 | 579 | ||
| @@ -590,6 +588,7 @@ struct ssl_session_st { | |||
| 590 | #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0 | 588 | #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0 |
| 591 | #define SSL_OP_PKCS1_CHECK_1 0x0 | 589 | #define SSL_OP_PKCS1_CHECK_1 0x0 |
| 592 | #define SSL_OP_PKCS1_CHECK_2 0x0 | 590 | #define SSL_OP_PKCS1_CHECK_2 0x0 |
| 591 | #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x0 | ||
| 593 | #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 | 592 | #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 |
| 594 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 | 593 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 |
| 595 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 | 594 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 |
diff --git a/src/lib/libssl/src/ssl/ssl3.h b/src/lib/libssl/src/ssl/ssl3.h index 8bcf9e37e8..4de50428a8 100644 --- a/src/lib/libssl/src/ssl/ssl3.h +++ b/src/lib/libssl/src/ssl/ssl3.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl3.h,v 1.38 2015/07/17 07:04:41 doug Exp $ */ | 1 | /* $OpenBSD: ssl3.h,v 1.39 2015/07/17 15:50:37 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -490,9 +490,10 @@ typedef struct ssl3_state_st { | |||
| 490 | unsigned char *alpn_selected; | 490 | unsigned char *alpn_selected; |
| 491 | unsigned int alpn_selected_len; | 491 | unsigned int alpn_selected_len; |
| 492 | 492 | ||
| 493 | /* This is set to true if we believe that this is a version of Safari | 493 | /* |
| 494 | * running on OS X 10.6 or newer. We wish to know this because Safari | 494 | * XXX delete on next major bump. This was for old OS X releases |
| 495 | * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ | 495 | * with broken ECDHE-ECDSA support. |
| 496 | */ | ||
| 496 | char is_probably_safari; | 497 | char is_probably_safari; |
| 497 | } SSL3_STATE; | 498 | } SSL3_STATE; |
| 498 | 499 | ||
diff --git a/src/lib/libssl/src/ssl/t1_lib.c b/src/lib/libssl/src/ssl/t1_lib.c index e901a901da..b0f0de3bd8 100644 --- a/src/lib/libssl/src/ssl/t1_lib.c +++ b/src/lib/libssl/src/ssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.78 2015/06/19 01:38:54 doug Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.79 2015/07/17 15:50:37 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1204,87 +1204,6 @@ parse_error: | |||
| 1204 | return (0); | 1204 | return (0); |
| 1205 | } | 1205 | } |
| 1206 | 1206 | ||
| 1207 | /* ssl_check_for_safari attempts to fingerprint Safari using OS X | ||
| 1208 | * SecureTransport using the TLS extension block in |d|, of length |n|. | ||
| 1209 | * Safari, since 10.6, sends exactly these extensions, in this order: | ||
| 1210 | * SNI, | ||
| 1211 | * elliptic_curves | ||
| 1212 | * ec_point_formats | ||
| 1213 | * | ||
| 1214 | * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8, | ||
| 1215 | * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them. | ||
| 1216 | * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from | ||
| 1217 | * 10.8..10.8.3 (which don't work). | ||
| 1218 | */ | ||
| 1219 | static void | ||
| 1220 | ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, | ||
| 1221 | int n) | ||
| 1222 | { | ||
| 1223 | unsigned short type, size; | ||
| 1224 | static const unsigned char kSafariExtensionsBlock[] = { | ||
| 1225 | 0x00, 0x0a, /* elliptic_curves extension */ | ||
| 1226 | 0x00, 0x08, /* 8 bytes */ | ||
| 1227 | 0x00, 0x06, /* 6 bytes of curve ids */ | ||
| 1228 | 0x00, 0x17, /* P-256 */ | ||
| 1229 | 0x00, 0x18, /* P-384 */ | ||
| 1230 | 0x00, 0x19, /* P-521 */ | ||
| 1231 | |||
| 1232 | 0x00, 0x0b, /* ec_point_formats */ | ||
| 1233 | 0x00, 0x02, /* 2 bytes */ | ||
| 1234 | 0x01, /* 1 point format */ | ||
| 1235 | 0x00, /* uncompressed */ | ||
| 1236 | }; | ||
| 1237 | |||
| 1238 | /* The following is only present in TLS 1.2 */ | ||
| 1239 | static const unsigned char kSafariTLS12ExtensionsBlock[] = { | ||
| 1240 | 0x00, 0x0d, /* signature_algorithms */ | ||
| 1241 | 0x00, 0x0c, /* 12 bytes */ | ||
| 1242 | 0x00, 0x0a, /* 10 bytes */ | ||
| 1243 | 0x05, 0x01, /* SHA-384/RSA */ | ||
| 1244 | 0x04, 0x01, /* SHA-256/RSA */ | ||
| 1245 | 0x02, 0x01, /* SHA-1/RSA */ | ||
| 1246 | 0x04, 0x03, /* SHA-256/ECDSA */ | ||
| 1247 | 0x02, 0x03, /* SHA-1/ECDSA */ | ||
| 1248 | }; | ||
| 1249 | |||
| 1250 | if (data >= (d + n - 2)) | ||
| 1251 | return; | ||
| 1252 | data += 2; | ||
| 1253 | |||
| 1254 | if (data > (d + n - 4)) | ||
| 1255 | return; | ||
| 1256 | n2s(data, type); | ||
| 1257 | n2s(data, size); | ||
| 1258 | |||
| 1259 | if (type != TLSEXT_TYPE_server_name) | ||
| 1260 | return; | ||
| 1261 | |||
| 1262 | if (data + size > d + n) | ||
| 1263 | return; | ||
| 1264 | data += size; | ||
| 1265 | |||
| 1266 | if (TLS1_get_client_version(s) >= TLS1_2_VERSION) { | ||
| 1267 | const size_t len1 = sizeof(kSafariExtensionsBlock); | ||
| 1268 | const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); | ||
| 1269 | |||
| 1270 | if (data + len1 + len2 != d + n) | ||
| 1271 | return; | ||
| 1272 | if (memcmp(data, kSafariExtensionsBlock, len1) != 0) | ||
| 1273 | return; | ||
| 1274 | if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0) | ||
| 1275 | return; | ||
| 1276 | } else { | ||
| 1277 | const size_t len = sizeof(kSafariExtensionsBlock); | ||
| 1278 | |||
| 1279 | if (data + len != d + n) | ||
| 1280 | return; | ||
| 1281 | if (memcmp(data, kSafariExtensionsBlock, len) != 0) | ||
| 1282 | return; | ||
| 1283 | } | ||
| 1284 | |||
| 1285 | s->s3->is_probably_safari = 1; | ||
| 1286 | } | ||
| 1287 | |||
| 1288 | int | 1207 | int |
| 1289 | ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | 1208 | ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, |
| 1290 | int n, int *al) | 1209 | int n, int *al) |
| @@ -1302,9 +1221,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1302 | free(s->s3->alpn_selected); | 1221 | free(s->s3->alpn_selected); |
| 1303 | s->s3->alpn_selected = NULL; | 1222 | s->s3->alpn_selected = NULL; |
| 1304 | 1223 | ||
| 1305 | if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) | ||
| 1306 | ssl_check_for_safari(s, data, d, n); | ||
| 1307 | |||
| 1308 | if (data >= (d + n - 2)) | 1224 | if (data >= (d + n - 2)) |
| 1309 | goto ri_check; | 1225 | goto ri_check; |
| 1310 | n2s(data, len); | 1226 | n2s(data, len); |
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index 84154a5176..33aaadcd20 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl.h,v 1.88 2015/07/17 07:04:41 doug Exp $ */ | 1 | /* $OpenBSD: ssl.h,v 1.89 2015/07/17 15:50:37 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -520,7 +520,6 @@ struct ssl_session_st { | |||
| 520 | #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L | 520 | #define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L |
| 521 | #define SSL_OP_TLSEXT_PADDING 0x00000010L | 521 | #define SSL_OP_TLSEXT_PADDING 0x00000010L |
| 522 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L | 522 | #define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L |
| 523 | #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L | ||
| 524 | #define SSL_OP_TLS_D5_BUG 0x00000100L | 523 | #define SSL_OP_TLS_D5_BUG 0x00000100L |
| 525 | 524 | ||
| 526 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added | 525 | /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added |
| @@ -575,7 +574,6 @@ struct ssl_session_st { | |||
| 575 | (SSL_OP_LEGACY_SERVER_CONNECT | \ | 574 | (SSL_OP_LEGACY_SERVER_CONNECT | \ |
| 576 | SSL_OP_TLSEXT_PADDING | \ | 575 | SSL_OP_TLSEXT_PADDING | \ |
| 577 | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \ | 576 | SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \ |
| 578 | SSL_OP_SAFARI_ECDHE_ECDSA_BUG | \ | ||
| 579 | SSL_OP_TLS_D5_BUG | \ | 577 | SSL_OP_TLS_D5_BUG | \ |
| 580 | SSL_OP_CRYPTOPRO_TLSEXT_BUG) | 578 | SSL_OP_CRYPTOPRO_TLSEXT_BUG) |
| 581 | 579 | ||
| @@ -590,6 +588,7 @@ struct ssl_session_st { | |||
| 590 | #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0 | 588 | #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0 |
| 591 | #define SSL_OP_PKCS1_CHECK_1 0x0 | 589 | #define SSL_OP_PKCS1_CHECK_1 0x0 |
| 592 | #define SSL_OP_PKCS1_CHECK_2 0x0 | 590 | #define SSL_OP_PKCS1_CHECK_2 0x0 |
| 591 | #define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x0 | ||
| 593 | #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 | 592 | #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0 |
| 594 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 | 593 | #define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0 |
| 595 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 | 594 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0 |
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index 8bcf9e37e8..4de50428a8 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl3.h,v 1.38 2015/07/17 07:04:41 doug Exp $ */ | 1 | /* $OpenBSD: ssl3.h,v 1.39 2015/07/17 15:50:37 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -490,9 +490,10 @@ typedef struct ssl3_state_st { | |||
| 490 | unsigned char *alpn_selected; | 490 | unsigned char *alpn_selected; |
| 491 | unsigned int alpn_selected_len; | 491 | unsigned int alpn_selected_len; |
| 492 | 492 | ||
| 493 | /* This is set to true if we believe that this is a version of Safari | 493 | /* |
| 494 | * running on OS X 10.6 or newer. We wish to know this because Safari | 494 | * XXX delete on next major bump. This was for old OS X releases |
| 495 | * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */ | 495 | * with broken ECDHE-ECDSA support. |
| 496 | */ | ||
| 496 | char is_probably_safari; | 497 | char is_probably_safari; |
| 497 | } SSL3_STATE; | 498 | } SSL3_STATE; |
| 498 | 499 | ||
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index e901a901da..b0f0de3bd8 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: t1_lib.c,v 1.78 2015/06/19 01:38:54 doug Exp $ */ | 1 | /* $OpenBSD: t1_lib.c,v 1.79 2015/07/17 15:50:37 doug Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -1204,87 +1204,6 @@ parse_error: | |||
| 1204 | return (0); | 1204 | return (0); |
| 1205 | } | 1205 | } |
| 1206 | 1206 | ||
| 1207 | /* ssl_check_for_safari attempts to fingerprint Safari using OS X | ||
| 1208 | * SecureTransport using the TLS extension block in |d|, of length |n|. | ||
| 1209 | * Safari, since 10.6, sends exactly these extensions, in this order: | ||
| 1210 | * SNI, | ||
| 1211 | * elliptic_curves | ||
| 1212 | * ec_point_formats | ||
| 1213 | * | ||
| 1214 | * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8, | ||
| 1215 | * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them. | ||
| 1216 | * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from | ||
| 1217 | * 10.8..10.8.3 (which don't work). | ||
| 1218 | */ | ||
| 1219 | static void | ||
| 1220 | ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, | ||
| 1221 | int n) | ||
| 1222 | { | ||
| 1223 | unsigned short type, size; | ||
| 1224 | static const unsigned char kSafariExtensionsBlock[] = { | ||
| 1225 | 0x00, 0x0a, /* elliptic_curves extension */ | ||
| 1226 | 0x00, 0x08, /* 8 bytes */ | ||
| 1227 | 0x00, 0x06, /* 6 bytes of curve ids */ | ||
| 1228 | 0x00, 0x17, /* P-256 */ | ||
| 1229 | 0x00, 0x18, /* P-384 */ | ||
| 1230 | 0x00, 0x19, /* P-521 */ | ||
| 1231 | |||
| 1232 | 0x00, 0x0b, /* ec_point_formats */ | ||
| 1233 | 0x00, 0x02, /* 2 bytes */ | ||
| 1234 | 0x01, /* 1 point format */ | ||
| 1235 | 0x00, /* uncompressed */ | ||
| 1236 | }; | ||
| 1237 | |||
| 1238 | /* The following is only present in TLS 1.2 */ | ||
| 1239 | static const unsigned char kSafariTLS12ExtensionsBlock[] = { | ||
| 1240 | 0x00, 0x0d, /* signature_algorithms */ | ||
| 1241 | 0x00, 0x0c, /* 12 bytes */ | ||
| 1242 | 0x00, 0x0a, /* 10 bytes */ | ||
| 1243 | 0x05, 0x01, /* SHA-384/RSA */ | ||
| 1244 | 0x04, 0x01, /* SHA-256/RSA */ | ||
| 1245 | 0x02, 0x01, /* SHA-1/RSA */ | ||
| 1246 | 0x04, 0x03, /* SHA-256/ECDSA */ | ||
| 1247 | 0x02, 0x03, /* SHA-1/ECDSA */ | ||
| 1248 | }; | ||
| 1249 | |||
| 1250 | if (data >= (d + n - 2)) | ||
| 1251 | return; | ||
| 1252 | data += 2; | ||
| 1253 | |||
| 1254 | if (data > (d + n - 4)) | ||
| 1255 | return; | ||
| 1256 | n2s(data, type); | ||
| 1257 | n2s(data, size); | ||
| 1258 | |||
| 1259 | if (type != TLSEXT_TYPE_server_name) | ||
| 1260 | return; | ||
| 1261 | |||
| 1262 | if (data + size > d + n) | ||
| 1263 | return; | ||
| 1264 | data += size; | ||
| 1265 | |||
| 1266 | if (TLS1_get_client_version(s) >= TLS1_2_VERSION) { | ||
| 1267 | const size_t len1 = sizeof(kSafariExtensionsBlock); | ||
| 1268 | const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock); | ||
| 1269 | |||
| 1270 | if (data + len1 + len2 != d + n) | ||
| 1271 | return; | ||
| 1272 | if (memcmp(data, kSafariExtensionsBlock, len1) != 0) | ||
| 1273 | return; | ||
| 1274 | if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0) | ||
| 1275 | return; | ||
| 1276 | } else { | ||
| 1277 | const size_t len = sizeof(kSafariExtensionsBlock); | ||
| 1278 | |||
| 1279 | if (data + len != d + n) | ||
| 1280 | return; | ||
| 1281 | if (memcmp(data, kSafariExtensionsBlock, len) != 0) | ||
| 1282 | return; | ||
| 1283 | } | ||
| 1284 | |||
| 1285 | s->s3->is_probably_safari = 1; | ||
| 1286 | } | ||
| 1287 | |||
| 1288 | int | 1207 | int |
| 1289 | ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | 1208 | ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, |
| 1290 | int n, int *al) | 1209 | int n, int *al) |
| @@ -1302,9 +1221,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, | |||
| 1302 | free(s->s3->alpn_selected); | 1221 | free(s->s3->alpn_selected); |
| 1303 | s->s3->alpn_selected = NULL; | 1222 | s->s3->alpn_selected = NULL; |
| 1304 | 1223 | ||
| 1305 | if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG) | ||
| 1306 | ssl_check_for_safari(s, data, d, n); | ||
| 1307 | |||
| 1308 | if (data >= (d + n - 2)) | 1224 | if (data >= (d + n - 2)) |
| 1309 | goto ri_check; | 1225 | goto ri_check; |
| 1310 | n2s(data, len); | 1226 | n2s(data, len); |