Finish zapping SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION usage; only keep

the #define for compat, but document that it's a no-op now. Also, neuter the -legacy_renegotiation option to "openssl s_{client,server}" ok beck@
author: guenther <> 2014-04-18 15:39:53 +0000
committer: guenther <> 2014-04-18 15:39:53 +0000
commit: c418adf51b69cbee6492ffce61f43485ba392d92 (patch)
tree: cd56b260b305a9f3bcb8b4a84345694af61cb48e /src/lib/libssl/src
parent: 645923dffb1bc46b8b1eb2f942f8d923f9f6cfd4 (diff)
download: openbsd-c418adf51b69cbee6492ffce61f43485ba392d92.tar.gz
openbsd-c418adf51b69cbee6492ffce61f43485ba392d92.tar.bz2
openbsd-c418adf51b69cbee6492ffce61f43485ba392d92.zip
4 files changed, 18 insertions, 23 deletions
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c
index 4290548de5..cbdba2ae52 100644
--- a/src/lib/libssl/src/apps/s_client.c
+++ b/src/lib/libssl/src/apps/s_client.c
@@ -334,7 +334,7 @@ sc_usage(void)
        BIO_printf(bio_err, " -starttls prot - use the STARTTLS command before starting TLS\n");
        BIO_printf(bio_err, "                 for those protocols that support it, where\n");
        BIO_printf(bio_err, "                 'prot' defines which one to assume.  Currently,\n");
-        BIO_printf(bio_err, "                 only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
+        BIO_printf(bio_err, "                 only \"smtp\", \"lmtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
        BIO_printf(bio_err, "                 are supported.\n");
 #ifndef OPENSSL_NO_ENGINE
        BIO_printf(bio_err, " -engine id    - Initialise and use the specified engine\n");
@@ -351,7 +351,6 @@ sc_usage(void)
        BIO_printf(bio_err, " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
 #endif
 #endif
-        BIO_printf(bio_err, " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 #ifndef OPENSSL_NO_SRTP
        BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
 #endif
@@ -535,6 +534,7 @@ next_proto_cb(SSL * s, unsigned char **out, unsigned char *outlen, const unsigne
 enum {
        PROTO_OFF = 0,
        PROTO_SMTP,
+        PROTO_LMTP,
        PROTO_POP3,
        PROTO_IMAP,
        PROTO_FTP,
@@ -832,7 +832,7 @@ s_client_main(int argc, char **argv)
                else if (strcmp(*argv, "-serverpref") == 0)
                        off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
                else if (strcmp(*argv, "-legacy_renegotiation") == 0)
-                        off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+                        ; /* no-op */
                else if (strcmp(*argv, "-legacy_server_connect") == 0) {
                        off |= SSL_OP_LEGACY_SERVER_CONNECT;
                } else if (strcmp(*argv, "-no_legacy_server_connect") == 0) {
@@ -853,6 +853,8 @@ s_client_main(int argc, char **argv)
                        ++argv;
                        if (strcmp(*argv, "smtp") == 0)
                                starttls_proto = PROTO_SMTP;
+                        else if (strcmp(*argv, "lmtp") == 0)
+                                starttls_proto = PROTO_LMTP;
                        else if (strcmp(*argv, "pop3") == 0)
                                starttls_proto = PROTO_POP3;
                        else if (strcmp(*argv, "imap") == 0)
@@ -1287,7 +1289,7 @@ re_start:
         * push a buffering BIO into the chain that is removed again later on
         * to not disturb the rest of the s_client operation.
         */
-        if (starttls_proto == PROTO_SMTP) {
+        if (starttls_proto == PROTO_SMTP || starttls_proto == PROTO_LMTP) {
                int foundit = 0;
                BIO *fbio = BIO_new(BIO_f_buffer());
                BIO_push(fbio, sbio);
@@ -1297,7 +1299,8 @@ re_start:
                }
                while (mbuf_len > 3 && mbuf[3] == '-');
                /* STARTTLS command requires EHLO... */
-                BIO_printf(fbio, "EHLO openssl.client.net\r\n");
+                BIO_printf(fbio, "%cHLO openssl.client.net\r\n",
+                           starttls_proto == PROTO_SMTP ? 'E' : 'L');
                (void) BIO_flush(fbio);
                /* wait for multi-line response to end EHLO SMTP response */
                do {
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index 27925b492d..a84b822538 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -525,7 +525,6 @@ sv_usage(void)
        BIO_printf(bio_err, "                 not specified (default is %s)\n", TEST_CERT2);
        BIO_printf(bio_err, " -tlsextdebug  - hex dump of all TLS extensions received\n");
        BIO_printf(bio_err, " -no_ticket    - disable use of RFC4507bis session tickets\n");
-        BIO_printf(bio_err, " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 #ifndef OPENSSL_NO_NEXTPROTONEG
        BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
 #endif
@@ -904,7 +903,7 @@ s_server_main(int argc, char *argv[])
                else if (strcmp(*argv, "-serverpref") == 0) {
                        off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
                } else if (strcmp(*argv, "-legacy_renegotiation") == 0)
-                        off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+                        ; /* no-op */
                else if (strcmp(*argv, "-cipher") == 0) {
                        if (--argc < 1)
                                goto bad;
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
index fded0601b5..d932282551 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
@@ -216,8 +216,10 @@ not be used by clients or servers.
 =item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
-Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
+As of OpenBSD 5.6, this option has no effect.
-servers. See the B<SECURE RENEGOTIATION> section for more details.
+In previous versions it allowed legacy insecure renegotiation between
+OpenSSL and unpatched clients or servers.
+See the B<SECURE RENEGOTIATION> section for more details.
 =item SSL_OP_LEGACY_SERVER_CONNECT
@@ -258,9 +260,6 @@ If the patched OpenSSL server attempts to renegotiate a fatal
 B<handshake_failure> alert is sent. This is because the server code may be
 unaware of the unpatched nature of the client.
-If the option B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then
-renegotiation B<always> succeeds.
 B<NB:> a bug in OpenSSL clients earlier than 0.9.8m (all of which are
 unpatched) will result in the connection hanging if it receives a
 B<no_renegotiation> alert. OpenSSL versions 0.9.8m and later will regard
@@ -271,8 +270,7 @@ was refused.
 =head2 Patched OpenSSL client and unpatched server.
-If the option B<SSL_OP_LEGACY_SERVER_CONNECT> or
+If the option B<SSL_OP_LEGACY_SERVER_CONNECT> is set then initial connections
-B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then initial connections
 and renegotiation between patched OpenSSL clients and unpatched servers
 succeeds. If neither option is set then initial connections to unpatched
 servers will fail.
@@ -295,13 +293,6 @@ unpatched servers (and thus avoid any security issues) should always B<clear>
 B<SSL_OP_LEGACY_SERVER_CONNECT> using SSL_CTX_clear_options() or
 SSL_clear_options().
-The difference between the B<SSL_OP_LEGACY_SERVER_CONNECT> and
-B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> options is that
-B<SSL_OP_LEGACY_SERVER_CONNECT> enables initial connections and secure
-renegotiation between OpenSSL clients and unpatched servers B<only>, while
-B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> allows initial connections
-and renegotiation between OpenSSL and unpatched clients or servers.
 =head1 RETURN VALUES
 SSL_CTX_set_options() and SSL_set_options() return the new options bitmask
@@ -344,4 +335,7 @@ B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>, B<SSL_OP_LEGACY_SERVER_CONNECT>
 and the function SSL_get_secure_renegotiation_support() were first added in
 OpenSSL 0.9.8m.
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> was changed to have no effect
+in OpenBSD 5.6.
 =cut
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c
index e901268a34..ec73ef50bd 100644
--- a/src/lib/libssl/src/ssl/s3_pkt.c
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -1095,8 +1095,7 @@ start:
            (s->version > SSL3_VERSION) &&
            (s->s3->handshake_fragment_len >= 4) &&
            (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
-            (s->session != NULL) && (s->session->cipher != NULL) &&
+            (s->session != NULL) && (s->session->cipher != NULL)) {
-            !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
                /*s->s3->handshake_fragment_len = 0;*/
                rr->length = 0;
                ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
author	guenther <>	2014-04-18 15:39:53 +0000
committer	guenther <>	2014-04-18 15:39:53 +0000
commit	c418adf51b69cbee6492ffce61f43485ba392d92 (patch)
tree	cd56b260b305a9f3bcb8b4a84345694af61cb48e /src/lib/libssl/src
parent	645923dffb1bc46b8b1eb2f942f8d923f9f6cfd4 (diff)
download	openbsd-c418adf51b69cbee6492ffce61f43485ba392d92.tar.gz openbsd-c418adf51b69cbee6492ffce61f43485ba392d92.tar.bz2 openbsd-c418adf51b69cbee6492ffce61f43485ba392d92.zip