authorDoug Hogan <doug@cvs.openbsd.org>2015-07-17 15:50:38 +0000
committerDoug Hogan <doug@cvs.openbsd.org>2015-07-17 15:50:38 +0000
commita7deb1d7c4189f8fecd49a3a4c9db72826f6edd1 (patch)
treed967991ebda4ef1b84fbb50c8d1570ca3e966429 /lib
parent18ec88febe9af1a8fd8bc7fd30198cac425b08bb (diff)
Remove compat hack that disabled ECDHE-ECDSA on OS X.
For a few old releases, ECDHE-ECDSA was broken on OS X. This option cannot differentiate between working and broken OS X so it disabled ECDHE-ECDSA support on all OS X >= 10.6. 10.8-10.8.3 were the faulty releases but these are no longer relevant. Tested on OS X 10.10 by jsing. ok jsing@
Diffstat (limited to 'lib')
-rw-r--r--lib/libssl/src/doc/ssl/SSL_CTX_set_options.37
-rw-r--r--lib/libssl/src/ssl/s3_lib.c10
-rw-r--r--lib/libssl/src/ssl/ssl.h5
-rw-r--r--lib/libssl/src/ssl/ssl3.h9
-rw-r--r--lib/libssl/src/ssl/t1_lib.c86
5 files changed, 13 insertions, 104 deletions
diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3 b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3
index 922522a33c1..91a1c9ad92d 100644
--- a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3
+++ b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.3
@@ -1,5 +1,5 @@
.\"
-.\" $OpenBSD: SSL_CTX_set_options.3,v 1.7 2015/07/17 07:04:40 doug Exp $
+.\" $OpenBSD: SSL_CTX_set_options.3,v 1.8 2015/07/17 15:50:37 doug Exp $
.\"
.Dd $Mdocdate: July 17 2015 $
.Dt SSL_CTX_SET_OPTIONS 3
@@ -116,8 +116,9 @@ this option has no effect.
.It Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
\&...
.It Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG
-Don't prefer ECDHE-ECDSA ciphers when the client appears to be Safari on OS X.
-OS X 10.8..10.8.3 has broken support for ECDHE-ECDSA ciphers.
+As of
+.Ox 5.8 ,
+this option has no effect.
.It Dv SSL_OP_SSLEAY_080_CLIENT_DH_BUG
As of
.Ox 5.8 ,
diff --git a/lib/libssl/src/ssl/s3_lib.c b/lib/libssl/src/ssl/s3_lib.c
index c838409bf7a..91672575462 100644
--- a/lib/libssl/src/ssl/s3_lib.c
+++ b/lib/libssl/src/ssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.97 2015/07/14 05:20:46 doug Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.98 2015/07/17 15:50:37 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -2087,8 +2087,6 @@ ssl3_clear(SSL *s)
EC_KEY_free(s->s3->tmp.ecdh);
s->s3->tmp.ecdh = NULL;
- s->s3->is_probably_safari = 0;
-
rp = s->s3->rbuf.buf;
wp = s->s3->wbuf.buf;
rlen = s->s3->rbuf.len;
@@ -2618,12 +2616,6 @@ ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
continue;
ii = sk_SSL_CIPHER_find(allow, c);
if (ii >= 0) {
- if ((alg_k & SSL_kECDHE) &&
- (alg_a & SSL_aECDSA) && s->s3->is_probably_safari) {
- if (!ret)
- ret = sk_SSL_CIPHER_value(allow, ii);
- continue;
- }
ret = sk_SSL_CIPHER_value(allow, ii);
break;
}
diff --git a/lib/libssl/src/ssl/ssl.h b/lib/libssl/src/ssl/ssl.h
index 84154a51765..33aaadcd20e 100644
--- a/lib/libssl/src/ssl/ssl.h
+++ b/lib/libssl/src/ssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.88 2015/07/17 07:04:41 doug Exp $ */
+/* $OpenBSD: ssl.h,v 1.89 2015/07/17 15:50:37 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -520,7 +520,6 @@ struct ssl_session_st {
#define SSL_OP_LEGACY_SERVER_CONNECT 0x00000004L
#define SSL_OP_TLSEXT_PADDING 0x00000010L
#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER 0x00000020L
-#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x00000040L
#define SSL_OP_TLS_D5_BUG 0x00000100L
/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
@@ -575,7 +574,6 @@ struct ssl_session_st {
(SSL_OP_LEGACY_SERVER_CONNECT | \
SSL_OP_TLSEXT_PADDING | \
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER | \
- SSL_OP_SAFARI_ECDHE_ECDSA_BUG | \
SSL_OP_TLS_D5_BUG | \
SSL_OP_CRYPTOPRO_TLSEXT_BUG)
@@ -590,6 +588,7 @@ struct ssl_session_st {
#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 0x0
#define SSL_OP_PKCS1_CHECK_1 0x0
#define SSL_OP_PKCS1_CHECK_2 0x0
+#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x0
#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x0
#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG 0x0
#define SSL_OP_TLS_BLOCK_PADDING_BUG 0x0
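Review bot: The added `#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG 0x0` keeps existing callers compiling, but nothing records that the bit it used to occupy, 0x00000040L (removed two hunks earlier in this file), is now unassigned. Programs built against the previous header may still pass that bit, either directly or through the combined workaround mask edited in the preceding hunk. If a later option were assigned to 0x00000040L, those programs would enable it without having asked for it. I would add a comment beside the remaining bit definitions, for example `/* 0x00000040L was SSL_OP_SAFARI_ECDHE_ECDSA_BUG; do not reuse before the next major bump */`. The list of no-op defines continues outside this hunk.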
diff --git a/lib/libssl/src/ssl/ssl3.h b/lib/libssl/src/ssl/ssl3.h
index 8bcf9e37e82..4de50428a8b 100644
--- a/lib/libssl/src/ssl/ssl3.h
+++ b/lib/libssl/src/ssl/ssl3.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl3.h,v 1.38 2015/07/17 07:04:41 doug Exp $ */
+/* $OpenBSD: ssl3.h,v 1.39 2015/07/17 15:50:37 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -490,9 +490,10 @@ typedef struct ssl3_state_st {
unsigned char *alpn_selected;
unsigned int alpn_selected_len;
- /* This is set to true if we believe that this is a version of Safari
- * running on OS X 10.6 or newer. We wish to know this because Safari
- * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
+ /*
+ * XXX delete on next major bump. This was for old OS X releases
+ * with broken ECDHE-ECDSA support.
+ */
char is_probably_safari;
} SSL3_STATE;
diff --git a/lib/libssl/src/ssl/t1_lib.c b/lib/libssl/src/ssl/t1_lib.c
index e901a901da7..b0f0de3bd8b 100644
--- a/lib/libssl/src/ssl/t1_lib.c
+++ b/lib/libssl/src/ssl/t1_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_lib.c,v 1.78 2015/06/19 01:38:54 doug Exp $ */
+/* $OpenBSD: t1_lib.c,v 1.79 2015/07/17 15:50:37 doug Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -1204,87 +1204,6 @@ parse_error:
return (0);
}
-/* ssl_check_for_safari attempts to fingerprint Safari using OS X
- * SecureTransport using the TLS extension block in |d|, of length |n|.
- * Safari, since 10.6, sends exactly these extensions, in this order:
- * SNI,
- * elliptic_curves
- * ec_point_formats
- *
- * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
- * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
- * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
- * 10.8..10.8.3 (which don't work).
- */
-static void
-ssl_check_for_safari(SSL *s, const unsigned char *data, const unsigned char *d,
- int n)
-{
- unsigned short type, size;
- static const unsigned char kSafariExtensionsBlock[] = {
- 0x00, 0x0a, /* elliptic_curves extension */
- 0x00, 0x08, /* 8 bytes */
- 0x00, 0x06, /* 6 bytes of curve ids */
- 0x00, 0x17, /* P-256 */
- 0x00, 0x18, /* P-384 */
- 0x00, 0x19, /* P-521 */
-
- 0x00, 0x0b, /* ec_point_formats */
- 0x00, 0x02, /* 2 bytes */
- 0x01, /* 1 point format */
- 0x00, /* uncompressed */
- };
-
- /* The following is only present in TLS 1.2 */
- static const unsigned char kSafariTLS12ExtensionsBlock[] = {
- 0x00, 0x0d, /* signature_algorithms */
- 0x00, 0x0c, /* 12 bytes */
- 0x00, 0x0a, /* 10 bytes */
- 0x05, 0x01, /* SHA-384/RSA */
- 0x04, 0x01, /* SHA-256/RSA */
- 0x02, 0x01, /* SHA-1/RSA */
- 0x04, 0x03, /* SHA-256/ECDSA */
- 0x02, 0x03, /* SHA-1/ECDSA */
- };
-
- if (data >= (d + n - 2))
- return;
- data += 2;
-
- if (data > (d + n - 4))
- return;
- n2s(data, type);
- n2s(data, size);
-
- if (type != TLSEXT_TYPE_server_name)
- return;
-
- if (data + size > d + n)
- return;
- data += size;
-
- if (TLS1_get_client_version(s) >= TLS1_2_VERSION) {
- const size_t len1 = sizeof(kSafariExtensionsBlock);
- const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
-
- if (data + len1 + len2 != d + n)
- return;
- if (memcmp(data, kSafariExtensionsBlock, len1) != 0)
- return;
- if (memcmp(data + len1, kSafariTLS12ExtensionsBlock, len2) != 0)
- return;
- } else {
- const size_t len = sizeof(kSafariExtensionsBlock);
-
- if (data + len != d + n)
- return;
- if (memcmp(data, kSafariExtensionsBlock, len) != 0)
- return;
- }
-
- s->s3->is_probably_safari = 1;
-}
-
int
ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
int n, int *al)
@@ -1302,9 +1221,6 @@ ssl_parse_clienthello_tlsext(SSL *s, unsigned char **p, unsigned char *d,
free(s->s3->alpn_selected);
s->s3->alpn_selected = NULL;
- if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
- ssl_check_for_safari(s, data, d, n);
-
if (data >= (d + n - 2))
goto ri_check;
n2s(data, len);