Finish zapping SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION usage; only keep

the #define for compat, but document that it's a no-op now.  Also, neuter
the -legacy_renegotiation option to "openssl s_{client,server}"

ok beck@

5 files changed, 19 insertions, 25 deletions

diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c
index e901268a34..ec73ef50bd 100644
--- a/src/lib/libssl/s3_pkt.c
+++ b/src/lib/libssl/s3_pkt.c
@@ -1095,8 +1095,7 @@ start:
             (s->version > SSL3_VERSION) &&
             (s->s3->handshake_fragment_len >= 4) &&
             (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
-            (s->session != NULL) && (s->session->cipher != NULL) &&
-            !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+            (s->session != NULL) && (s->session->cipher != NULL)) {
                 /*s->s3->handshake_fragment_len = 0;*/
                 rr->length = 0;
                 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);
diff --git a/src/lib/libssl/src/apps/s_client.c b/src/lib/libssl/src/apps/s_client.c
index 4290548de5..cbdba2ae52 100644
--- a/src/lib/libssl/src/apps/s_client.c
+++ b/src/lib/libssl/src/apps/s_client.c
@@ -334,7 +334,7 @@ sc_usage(void)
         BIO_printf(bio_err, " -starttls prot - use the STARTTLS command before starting TLS\n");
         BIO_printf(bio_err, "                 for those protocols that support it, where\n");
         BIO_printf(bio_err, "                 'prot' defines which one to assume.  Currently,\n");
-        BIO_printf(bio_err, "                 only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
+        BIO_printf(bio_err, "                 only \"smtp\", \"lmtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
         BIO_printf(bio_err, "                 are supported.\n");
 #ifndef OPENSSL_NO_ENGINE
         BIO_printf(bio_err, " -engine id    - Initialise and use the specified engine\n");
@@ -351,7 +351,6 @@ sc_usage(void)
         BIO_printf(bio_err, " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
 #endif
 #endif
-        BIO_printf(bio_err, " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 #ifndef OPENSSL_NO_SRTP
         BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
 #endif
@@ -535,6 +534,7 @@ next_proto_cb(SSL * s, unsigned char **out, unsigned char *outlen, const unsigne
 enum {
         PROTO_OFF = 0,
         PROTO_SMTP,
+        PROTO_LMTP,
         PROTO_POP3,
         PROTO_IMAP,
         PROTO_FTP,
@@ -832,7 +832,7 @@ s_client_main(int argc, char **argv)
                 else if (strcmp(*argv, "-serverpref") == 0)
                         off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
                 else if (strcmp(*argv, "-legacy_renegotiation") == 0)
-                        off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+                        ; /* no-op */
                 else if (strcmp(*argv, "-legacy_server_connect") == 0) {
                         off |= SSL_OP_LEGACY_SERVER_CONNECT;
                 } else if (strcmp(*argv, "-no_legacy_server_connect") == 0) {
@@ -853,6 +853,8 @@ s_client_main(int argc, char **argv)
                         ++argv;
                         if (strcmp(*argv, "smtp") == 0)
                                 starttls_proto = PROTO_SMTP;
+                        else if (strcmp(*argv, "lmtp") == 0)
+                                starttls_proto = PROTO_LMTP;
                         else if (strcmp(*argv, "pop3") == 0)
                                 starttls_proto = PROTO_POP3;
                         else if (strcmp(*argv, "imap") == 0)
@@ -1287,7 +1289,7 @@ re_start:
          * push a buffering BIO into the chain that is removed again later on
          * to not disturb the rest of the s_client operation.
          */
-        if (starttls_proto == PROTO_SMTP) {
+        if (starttls_proto == PROTO_SMTP || starttls_proto == PROTO_LMTP) {
                 int foundit = 0;
                 BIO *fbio = BIO_new(BIO_f_buffer());
                 BIO_push(fbio, sbio);
@@ -1297,7 +1299,8 @@ re_start:
                 }
                 while (mbuf_len > 3 && mbuf[3] == '-');
                 /* STARTTLS command requires EHLO... */
-                BIO_printf(fbio, "EHLO openssl.client.net\r\n");
+                BIO_printf(fbio, "%cHLO openssl.client.net\r\n",
+                           starttls_proto == PROTO_SMTP ? 'E' : 'L');
                 (void) BIO_flush(fbio);
                 /* wait for multi-line response to end EHLO SMTP response */
                 do {
diff --git a/src/lib/libssl/src/apps/s_server.c b/src/lib/libssl/src/apps/s_server.c
index 27925b492d..a84b822538 100644
--- a/src/lib/libssl/src/apps/s_server.c
+++ b/src/lib/libssl/src/apps/s_server.c
@@ -525,7 +525,6 @@ sv_usage(void)
         BIO_printf(bio_err, "                 not specified (default is %s)\n", TEST_CERT2);
         BIO_printf(bio_err, " -tlsextdebug  - hex dump of all TLS extensions received\n");
         BIO_printf(bio_err, " -no_ticket    - disable use of RFC4507bis session tickets\n");
-        BIO_printf(bio_err, " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 #ifndef OPENSSL_NO_NEXTPROTONEG
         BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
 #endif
@@ -904,7 +903,7 @@ s_server_main(int argc, char *argv[])
                 else if (strcmp(*argv, "-serverpref") == 0) {
                         off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
                 } else if (strcmp(*argv, "-legacy_renegotiation") == 0)
-                        off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+                        ; /* no-op */
                 else if (strcmp(*argv, "-cipher") == 0) {
                         if (--argc < 1)
                                 goto bad;
diff --git a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
index fded0601b5..d932282551 100644
--- a/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
+++ b/src/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
@@ -216,8 +216,10 @@ not be used by clients or servers.
 
 =item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
 
-Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
-servers. See the B<SECURE RENEGOTIATION> section for more details.
+As of OpenBSD 5.6, this option has no effect.
+In previous versions it allowed legacy insecure renegotiation between
+OpenSSL and unpatched clients or servers.
+See the B<SECURE RENEGOTIATION> section for more details.
 
 =item SSL_OP_LEGACY_SERVER_CONNECT
 
@@ -258,9 +260,6 @@ If the patched OpenSSL server attempts to renegotiate a fatal
 B<handshake_failure> alert is sent. This is because the server code may be
 unaware of the unpatched nature of the client.
 
-If the option B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then
-renegotiation B<always> succeeds.
-
 B<NB:> a bug in OpenSSL clients earlier than 0.9.8m (all of which are
 unpatched) will result in the connection hanging if it receives a
 B<no_renegotiation> alert. OpenSSL versions 0.9.8m and later will regard
@@ -271,8 +270,7 @@ was refused.
 
 =head2 Patched OpenSSL client and unpatched server.
 
-If the option B<SSL_OP_LEGACY_SERVER_CONNECT> or
-B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then initial connections
+If the option B<SSL_OP_LEGACY_SERVER_CONNECT> is set then initial connections
 and renegotiation between patched OpenSSL clients and unpatched servers
 succeeds. If neither option is set then initial connections to unpatched
 servers will fail.
@@ -295,13 +293,6 @@ unpatched servers (and thus avoid any security issues) should always B<clear>
 B<SSL_OP_LEGACY_SERVER_CONNECT> using SSL_CTX_clear_options() or
 SSL_clear_options().
 
-The difference between the B<SSL_OP_LEGACY_SERVER_CONNECT> and
-B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> options is that
-B<SSL_OP_LEGACY_SERVER_CONNECT> enables initial connections and secure
-renegotiation between OpenSSL clients and unpatched servers B<only>, while
-B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> allows initial connections
-and renegotiation between OpenSSL and unpatched clients or servers.
-
 =head1 RETURN VALUES
 
 SSL_CTX_set_options() and SSL_set_options() return the new options bitmask
@@ -344,4 +335,7 @@ B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>, B<SSL_OP_LEGACY_SERVER_CONNECT>
 and the function SSL_get_secure_renegotiation_support() were first added in
 OpenSSL 0.9.8m.
 
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> was changed to have no effect
+in OpenBSD 5.6.
+
 =cut
diff --git a/src/lib/libssl/src/ssl/s3_pkt.c b/src/lib/libssl/src/ssl/s3_pkt.c
index e901268a34..ec73ef50bd 100644
--- a/src/lib/libssl/src/ssl/s3_pkt.c
+++ b/src/lib/libssl/src/ssl/s3_pkt.c
@@ -1095,8 +1095,7 @@ start:
             (s->version > SSL3_VERSION) &&
             (s->s3->handshake_fragment_len >= 4) &&
             (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
-            (s->session != NULL) && (s->session->cipher != NULL) &&
-            !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+            (s->session != NULL) && (s->session->cipher != NULL)) {
                 /*s->s3->handshake_fragment_len = 0;*/
                 rr->length = 0;
                 ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);