From 79942b00ea07a508a50e332401eb47beb94ff59d Mon Sep 17 00:00:00 2001 From: lwthiker Date: Thu, 29 Feb 2024 19:58:00 +0200 Subject: [PATCH] Update BoringSSL patch to handle Safari quirks --- chrome/patches/boringssl-old-ciphers.patch | 89 +++++++++++++++++++++- 1 file changed, 87 insertions(+), 2 deletions(-) diff --git a/chrome/patches/boringssl-old-ciphers.patch b/chrome/patches/boringssl-old-ciphers.patch index 8d955dd..ff3112d 100644 --- a/chrome/patches/boringssl-old-ciphers.patch +++ b/chrome/patches/boringssl-old-ciphers.patch @@ -1,6 +1,6 @@ diff -u1 -Nar --exclude build --exclude tags boringssl-d24a38200fef19150eef00cad35b138936c08767/ssl/internal.h boringssl/ssl/internal.h --- boringssl-d24a38200fef19150eef00cad35b138936c08767/ssl/internal.h 2023-09-27 05:13:00.000000000 +0300 -+++ boringssl/ssl/internal.h 2024-02-10 19:41:05.916013082 +0200 ++++ boringssl/ssl/internal.h 2024-02-29 20:02:32.711209565 +0200 @@ -577,4 +577,9 @@ #define SSL_SHA256 0x00000002u +// curl-impersonate: @@ -14,7 +14,7 @@ diff -u1 -Nar --exclude build --exclude tags boringssl-d24a38200fef19150eef00cad diff -u1 -Nar --exclude build --exclude tags boringssl-d24a38200fef19150eef00cad35b138936c08767/ssl/ssl_cipher.cc boringssl/ssl/ssl_cipher.cc --- boringssl-d24a38200fef19150eef00cad35b138936c08767/ssl/ssl_cipher.cc 2023-09-27 05:13:00.000000000 +0300 -+++ boringssl/ssl/ssl_cipher.cc 2024-02-10 19:52:54.366879729 +0200 ++++ boringssl/ssl/ssl_cipher.cc 2024-02-29 20:02:32.711209565 +0200 @@ -199,2 +199,33 @@ + // curl-impersonate: Ciphers 3C, 3D were removed in 
@@ -155,3 +155,88 @@ diff -u1 -Nar --exclude build --exclude tags boringssl-d24a38200fef19150eef00cad
 + TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384 & 0xffff,
 + TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384 & 0xffff,
 };
+diff -u1 -Nar --exclude build --exclude tags boringssl-d24a38200fef19150eef00cad35b138936c08767/ssl/ssl_privkey.cc boringssl/ssl/ssl_privkey.cc
+--- boringssl-d24a38200fef19150eef00cad35b138936c08767/ssl/ssl_privkey.cc 2023-09-27 05:13:00.000000000 +0300
++++ boringssl/ssl/ssl_privkey.cc 2024-02-29 21:26:15.518023534 +0200
+@@ -560,40 +560,45 @@
+
+-static int compare_uint16_t(const void *p1, const void *p2) {
+- uint16_t u1 = *((const uint16_t *)p1);
+- uint16_t u2 = *((const uint16_t *)p2);
+- if (u1 < u2) {
+- return -1;
+- } else if (u1 > u2) {
+- return 1;
+- } else {
+- return 0;
+- }
+-}
+-
+-static bool sigalgs_unique(Span in_sigalgs) {
+- if (in_sigalgs.size() < 2) {
+- return true;
+- }
+-
+- Array sigalgs;
+- if (!sigalgs.CopyFrom(in_sigalgs)) {
+- return false;
+- }
+-
+- qsort(sigalgs.data(), sigalgs.size(), sizeof(uint16_t), compare_uint16_t);
+-
+- for (size_t i = 1; i < sigalgs.size(); i++) {
+- if (sigalgs[i - 1] == sigalgs[i]) {
+- OPENSSL_PUT_ERROR(SSL, SSL_R_DUPLICATE_SIGNATURE_ALGORITHM);
+- return false;
+- }
+- }
+-
+- return true;
+-}
++// curl-impersonate: Remove the uniqueness check. Older Safari versions (15)
++// send out duplicated algorithm prefs.
++// static int compare_uint16_t(const void *p1, const void *p2) {
++// uint16_t u1 = *((const uint16_t *)p1);
++// uint16_t u2 = *((const uint16_t *)p2);
++// if (u1 < u2) {
++// return -1;
++// } else if (u1 > u2) {
++// return 1;
++// } else {
++// return 0;
++// }
++// }
++
++// static bool sigalgs_unique(Span in_sigalgs) {
++// if (in_sigalgs.size() < 2) {
++// return true;
++// }
++//
++// Array sigalgs;
++// if (!sigalgs.CopyFrom(in_sigalgs)) {
++// return false;
++// }
++//
++// qsort(sigalgs.data(), sigalgs.size(), sizeof(uint16_t), compare_uint16_t);
++//
++// for (size_t i = 1; i < sigalgs.size(); i++) {
++// if (sigalgs[i - 1] == sigalgs[i]) {
++// OPENSSL_PUT_ERROR(SSL, SSL_R_DUPLICATE_SIGNATURE_ALGORITHM);
++// return false;
++// }
++// }
++//
++// return true;
++// }
+
+ static bool set_sigalg_prefs(Array *out, Span prefs) {
+- if (!sigalgs_unique(prefs)) {
+- return false;
+- }
++ // curl-impersonate: Remove the uniqueness check. Older Safari versions (15)
++ // send out duplicated algorithm prefs.
++
++ // if (!sigalgs_unique(prefs)) {
++ // return false;
++ // }
+
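Review bot: The inner ssl_privkey.cc hunk turns off duplicate detection in `set_sigalg_prefs` for the whole library build, not only for the Safari profile that needs it, and the added comment does not say so. From the visible lines, any list passed to `set_sigalg_prefs` is now accepted without ever raising `SSL_R_DUPLICATE_SIGNATURE_ALGORITHM`; whether the later validation in that function copes with repeated entries cannot be checked here, because its body continues outside the hunk. I would state the scope at the call site, e.g. `// curl-impersonate: duplicates accepted on purpose (Safari 15 repeats sigalgs); applies to every caller in this build.` As a point of style, the roughly 30 commented-out lines of `compare_uint16_t` and `sigalgs_unique` are dead code that will still conflict on every BoringSSL rebase; deleting both helpers in the patch and keeping the single call-site comment would carry the same information.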