t1_lib.c (246772) t1_lib.c (261037)
1/* ssl/t1_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *

--- 328 unchanged lines hidden (view full) ---

337#endif
338#ifndef OPENSSL_NO_SHA256
339 tlsext_sigalg(TLSEXT_hash_sha256)
340 tlsext_sigalg(TLSEXT_hash_sha224)
341#endif
342#ifndef OPENSSL_NO_SHA
343 tlsext_sigalg(TLSEXT_hash_sha1)
344#endif
1/* ssl/t1_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *

--- 328 unchanged lines hidden (view full) ---

337#endif
338#ifndef OPENSSL_NO_SHA256
339 tlsext_sigalg(TLSEXT_hash_sha256)
340 tlsext_sigalg(TLSEXT_hash_sha224)
341#endif
342#ifndef OPENSSL_NO_SHA
343 tlsext_sigalg(TLSEXT_hash_sha1)
344#endif
345#ifndef OPENSSL_NO_MD5
346 tlsext_sigalg_rsa(TLSEXT_hash_md5)
347#endif
348};
349
350int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
351 {
352 size_t slen = sizeof(tls12_sigalgs);
345};
346
347int tls12_get_req_sig_algs(SSL *s, unsigned char *p)
348 {
349 size_t slen = sizeof(tls12_sigalgs);
353#ifdef OPENSSL_FIPS
354 /* If FIPS mode don't include MD5 which is last */
355 if (FIPS_mode())
356 slen -= 2;
357#endif
358 if (p)
359 memcpy(p, tls12_sigalgs, slen);
360 return (int)slen;
361 }
362
363unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
364 {
365 int extdatalen=0;

--- 495 unchanged lines hidden (view full) ---

861
862 if ((extdatalen = ret-p-2)== 0)
863 return p;
864
865 s2n(extdatalen,p);
866 return ret;
867 }
868
350 if (p)
351 memcpy(p, tls12_sigalgs, slen);
352 return (int)slen;
353 }
354
355unsigned char *ssl_add_clienthello_tlsext(SSL *s, unsigned char *p, unsigned char *limit)
356 {
357 int extdatalen=0;

--- 495 unchanged lines hidden (view full) ---

853
854 if ((extdatalen = ret-p-2)== 0)
855 return p;
856
857 s2n(extdatalen,p);
858 return ret;
859 }
860
861#ifndef OPENSSL_NO_EC
862/* ssl_check_for_safari attempts to fingerprint Safari using OS X
863 * SecureTransport using the TLS extension block in |d|, of length |n|.
864 * Safari, since 10.6, sends exactly these extensions, in this order:
865 * SNI,
866 * elliptic_curves
867 * ec_point_formats
868 *
869 * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
870 * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
871 * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
872 * 10.8..10.8.3 (which don't work).
873 */
874static void ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d, int n) {
875 unsigned short type, size;
876 static const unsigned char kSafariExtensionsBlock[] = {
877 0x00, 0x0a, /* elliptic_curves extension */
878 0x00, 0x08, /* 8 bytes */
879 0x00, 0x06, /* 6 bytes of curve ids */
880 0x00, 0x17, /* P-256 */
881 0x00, 0x18, /* P-384 */
882 0x00, 0x19, /* P-521 */
883
884 0x00, 0x0b, /* ec_point_formats */
885 0x00, 0x02, /* 2 bytes */
886 0x01, /* 1 point format */
887 0x00, /* uncompressed */
888 };
889
890 /* The following is only present in TLS 1.2 */
891 static const unsigned char kSafariTLS12ExtensionsBlock[] = {
892 0x00, 0x0d, /* signature_algorithms */
893 0x00, 0x0c, /* 12 bytes */
894 0x00, 0x0a, /* 10 bytes */
895 0x05, 0x01, /* SHA-384/RSA */
896 0x04, 0x01, /* SHA-256/RSA */
897 0x02, 0x01, /* SHA-1/RSA */
898 0x04, 0x03, /* SHA-256/ECDSA */
899 0x02, 0x03, /* SHA-1/ECDSA */
900 };
901
902 if (data >= (d+n-2))
903 return;
904 data += 2;
905
906 if (data > (d+n-4))
907 return;
908 n2s(data,type);
909 n2s(data,size);
910
911 if (type != TLSEXT_TYPE_server_name)
912 return;
913
914 if (data+size > d+n)
915 return;
916 data += size;
917
918 if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
919 {
920 const size_t len1 = sizeof(kSafariExtensionsBlock);
921 const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
922
923 if (data + len1 + len2 != d+n)
924 return;
925 if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
926 return;
927 if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0)
928 return;
929 }
930 else
931 {
932 const size_t len = sizeof(kSafariExtensionsBlock);
933
934 if (data + len != d+n)
935 return;
936 if (memcmp(data, kSafariExtensionsBlock, len) != 0)
937 return;
938 }
939
940 s->s3->is_probably_safari = 1;
941}
942#endif /* !OPENSSL_NO_EC */
943
869int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
870 {
871 unsigned short type;
872 unsigned short size;
873 unsigned short len;
874 unsigned char *data = *p;
875 int renegotiate_seen = 0;
876 int sigalg_seen = 0;

--- 4 unchanged lines hidden (view full) ---

881 s->s3->next_proto_neg_seen = 0;
882#endif
883
884#ifndef OPENSSL_NO_HEARTBEATS
885 s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
886 SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
887#endif
888
944int ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d, int n, int *al)
945 {
946 unsigned short type;
947 unsigned short size;
948 unsigned short len;
949 unsigned char *data = *p;
950 int renegotiate_seen = 0;
951 int sigalg_seen = 0;

--- 4 unchanged lines hidden (view full) ---

956 s->s3->next_proto_neg_seen = 0;
957#endif
958
959#ifndef OPENSSL_NO_HEARTBEATS
960 s->tlsext_heartbeat &= ~(SSL_TLSEXT_HB_ENABLED |
961 SSL_TLSEXT_HB_DONT_SEND_REQUESTS);
962#endif
963
964#ifndef OPENSSL_NO_EC
965 if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
966 ssl_check_for_safari(s, data, d, n);
967#endif /* !OPENSSL_NO_EC */
968
889 if (data >= (d+n-2))
890 goto ri_check;
891 n2s(data,len);
892
893 if (data > (d+n-len))
894 goto ri_check;
895
896 while (data <= (d+n-4))

--- 1462 unchanged lines hidden (view full) ---

2359 return tls12_find_id(pk->type, tls12_sig,
2360 sizeof(tls12_sig)/sizeof(tls12_lookup));
2361 }
2362
2363const EVP_MD *tls12_get_hash(unsigned char hash_alg)
2364 {
2365 switch(hash_alg)
2366 {
969 if (data >= (d+n-2))
970 goto ri_check;
971 n2s(data,len);
972
973 if (data > (d+n-len))
974 goto ri_check;
975
976 while (data <= (d+n-4))

--- 1462 unchanged lines hidden (view full) ---

2439 return tls12_find_id(pk->type, tls12_sig,
2440 sizeof(tls12_sig)/sizeof(tls12_lookup));
2441 }
2442
2443const EVP_MD *tls12_get_hash(unsigned char hash_alg)
2444 {
2445 switch(hash_alg)
2446 {
2367#ifndef OPENSSL_NO_MD5
2368 case TLSEXT_hash_md5:
2369#ifdef OPENSSL_FIPS
2370 if (FIPS_mode())
2371 return NULL;
2372#endif
2373 return EVP_md5();
2374#endif
2375#ifndef OPENSSL_NO_SHA
2376 case TLSEXT_hash_sha1:
2377 return EVP_sha1();
2378#endif
2379#ifndef OPENSSL_NO_SHA256
2380 case TLSEXT_hash_sha224:
2381 return EVP_sha224();
2382

--- 241 unchanged lines hidden ---
2447#ifndef OPENSSL_NO_SHA
2448 case TLSEXT_hash_sha1:
2449 return EVP_sha1();
2450#endif
2451#ifndef OPENSSL_NO_SHA256
2452 case TLSEXT_hash_sha224:
2453 return EVP_sha224();
2454

--- 241 unchanged lines hidden ---
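Review bot: In the new ssl_check_for_safari the bounds checks compare computed pointers (`data >= (d+n-2)`, `data > (d+n-4)`, `data+size > d+n`), so a small `n` or a client-supplied `size` of up to 65535 forms a pointer outside the received buffer before the comparison runs; that is undefined behaviour and may let the check pass if the addition wraps. Comparing the remaining length keeps every pointer in range, e.g. `if ((size_t)(d + n - data) < size) return;`, with the same form for the 2- and 4-byte reads. The same pointer-style checks appear in the context lines of ssl_parse_clienthello_tlsext, most of whose body is hidden on this page. Separately, `s->s3->is_probably_safari` is set from unauthenticated ClientHello bytes that any client can reproduce, and the visible lines do not show it being cleared next to `next_proto_neg_seen` at the start of parsing, so it is worth confirming that it is reset for each handshake.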