Remove is_probably_safari logic.

We handle it externally now.

Change-Id: Ib561f64078809645195fd1a859b3256499038847
Reviewed-on: https://boringssl-review.googlesource.com/1098
Reviewed-by: Adam Langley <agl@google.com>

ssl/s3_lib.c

@@ -2747,10 +2747,6 @@ void ssl3_clear(SSL *s)
 		s->s3->tmp.ecdh = NULL;
 		}
 #endif
-#ifndef OPENSSL_NO_EC
-	s->s3->is_probably_safari = 0;
-#endif /* !OPENSSL_NO_EC */
-
 	rp = s->s3->rbuf.buf;
 	wp = s->s3->wbuf.buf;
 	rlen = s->s3->rbuf.len;

ssl/ssl3.h

@@ -533,13 +533,6 @@ typedef struct ssl3_state_st
 	int next_proto_neg_seen;
 #endif
 
-#ifndef OPENSSL_NO_EC
-	/* This is set to true if we believe that this is a version of Safari
-	 * running on OS X 10.6 or newer. We wish to know this because Safari
-	 * on 10.8 .. 10.8.3 has broken ECDHE-ECDSA support. */
-	char is_probably_safari;
-#endif /* !OPENSSL_NO_EC */
-
 	/* ALPN information
 	 * (we are in the process of transitioning from NPN to ALPN.) */
 

ssl/t1_lib.c

@@ -1734,82 +1734,6 @@ unsigned char *ssl_add_serverhello_tlsext(SSL *s, unsigned char *buf, unsigned c
 	return ret;
 	}
 
-#ifndef OPENSSL_NO_EC
-/* ssl_check_for_safari attempts to fingerprint Safari using OS X
- * SecureTransport using the TLS extension block in |cbs|.
- * Safari, since 10.6, sends exactly these extensions, in this order:
- *   SNI,
- *   elliptic_curves
- *   ec_point_formats
- *
- * We wish to fingerprint Safari because they broke ECDHE-ECDSA support in 10.8,
- * but they advertise support. So enabling ECDHE-ECDSA ciphers breaks them.
- * Sadly we cannot differentiate 10.6, 10.7 and 10.8.4 (which work), from
- * 10.8..10.8.3 (which don't work).
- */
-static void ssl_check_for_safari(SSL *s, const CBS *extensions)
-	{
-	static const unsigned char kSafariExtensionsBlock[] = {
-		0x00, 0x0a,  /* elliptic_curves extension */
-		0x00, 0x08,  /* 8 bytes */
-		0x00, 0x06,  /* 6 bytes of curve ids */
-		0x00, 0x17,  /* P-256 */
-		0x00, 0x18,  /* P-384 */
-		0x00, 0x19,  /* P-521 */
-
-		0x00, 0x0b,  /* ec_point_formats */
-		0x00, 0x02,  /* 2 bytes */
-		0x01,        /* 1 point format */
-		0x00,        /* uncompressed */
-	};
-
-	/* The following is only present in TLS 1.2 */
-	static const unsigned char kSafariTLS12ExtensionsBlock[] = {
-		0x00, 0x0d,  /* signature_algorithms */
-		0x00, 0x0c,  /* 12 bytes */
-		0x00, 0x0a,  /* 10 bytes */
-		0x05, 0x01,  /* SHA-384/RSA */
-		0x04, 0x01,  /* SHA-256/RSA */
-		0x02, 0x01,  /* SHA-1/RSA */
-		0x04, 0x03,  /* SHA-256/ECDSA */
-		0x02, 0x03,  /* SHA-1/ECDSA */
-	};
-	CBS extensions_copy = *extensions, extension;
-	uint16_t type;
-
-	/* First extension is server_name. */
-	if (!CBS_get_u16(&extensions_copy, &type) ||
-		!CBS_get_u16_length_prefixed(&extensions_copy, &extension) ||
-		type != TLSEXT_TYPE_server_name)
-		return;
-
-	/* Compare the remainder of the extensions block. */
-	if (TLS1_get_client_version(s) >= TLS1_2_VERSION)
-		{
-		const size_t len1 = sizeof(kSafariExtensionsBlock);
-		const size_t len2 = sizeof(kSafariTLS12ExtensionsBlock);
-
-		if (len1 + len2 != CBS_len(&extensions_copy))
-			return;
-		if (memcmp(CBS_data(&extensions_copy), kSafariExtensionsBlock, len1) != 0)
-			return;
-		if (memcmp(CBS_data(&extensions_copy) + len1, kSafariTLS12ExtensionsBlock, len2) != 0)
-			return;
-		}
-	else
-		{
-		const size_t len = sizeof(kSafariExtensionsBlock);
-
-		if (len != CBS_len(&extensions_copy))
-			return;
-		if (memcmp(CBS_data(&extensions_copy), kSafariExtensionsBlock, len) != 0)
-			return;
-		}
-
-	s->s3->is_probably_safari = 1;
-}
-#endif /* !OPENSSL_NO_EC */
-
 /* tls1_alpn_handle_client_hello is called to process the ALPN extension in a
  * ClientHello.
  *   cbs: the contents of the extension, not including the type and length.
@@ -1913,11 +1837,6 @@ static int ssl_scan_clienthello_tlsext(SSL *s, CBS *cbs, int *out_alert)
 		return 0;
 		}
 
-#ifndef OPENSSL_NO_EC
-	if (s->options & SSL_OP_SAFARI_ECDHE_ECDSA_BUG)
-		ssl_check_for_safari(s, &extensions);
-#endif /* !OPENSSL_NO_EC */
-
 	while (CBS_len(&extensions) != 0)
 		{
 		uint16_t type;