Finish zapping SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION usage; only keep

the #define for compat, but document that it's a no-op now.  Also, neuter
the -legacy_renegotiation option to "openssl s_{client,server}"

ok beck@

4 files changed, 18 insertions, 23 deletions

diff --git a/lib/libssl/src/apps/s_client.c b/lib/libssl/src/apps/s_client.c
index 4290548de51..cbdba2ae520 100644
--- a/lib/libssl/src/apps/s_client.c
+++ b/lib/libssl/src/apps/s_client.c
@@ -334,7 +334,7 @@ sc_usage(void)
 	BIO_printf(bio_err, " -starttls prot - use the STARTTLS command before starting TLS\n");
 	BIO_printf(bio_err, "                 for those protocols that support it, where\n");
 	BIO_printf(bio_err, "                 'prot' defines which one to assume.  Currently,\n");
-	BIO_printf(bio_err, "                 only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
+	BIO_printf(bio_err, "                 only \"smtp\", \"lmtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n");
 	BIO_printf(bio_err, "                 are supported.\n");
 #ifndef OPENSSL_NO_ENGINE
 	BIO_printf(bio_err, " -engine id    - Initialise and use the specified engine\n");
@@ -351,7 +351,6 @@ sc_usage(void)
 	BIO_printf(bio_err, " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n");
 #endif
 #endif
-	BIO_printf(bio_err, " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 #ifndef OPENSSL_NO_SRTP
 	BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n");
 #endif
@@ -535,6 +534,7 @@ next_proto_cb(SSL * s, unsigned char **out, unsigned char *outlen, const unsigne
 enum {
 	PROTO_OFF = 0,
 	PROTO_SMTP,
+	PROTO_LMTP,
 	PROTO_POP3,
 	PROTO_IMAP,
 	PROTO_FTP,
@@ -832,7 +832,7 @@ s_client_main(int argc, char **argv)
 		else if (strcmp(*argv, "-serverpref") == 0)
 			off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
 		else if (strcmp(*argv, "-legacy_renegotiation") == 0)
-			off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+			; /* no-op */
 		else if (strcmp(*argv, "-legacy_server_connect") == 0) {
 			off |= SSL_OP_LEGACY_SERVER_CONNECT;
 		} else if (strcmp(*argv, "-no_legacy_server_connect") == 0) {
@@ -853,6 +853,8 @@ s_client_main(int argc, char **argv)
 			++argv;
 			if (strcmp(*argv, "smtp") == 0)
 				starttls_proto = PROTO_SMTP;
+			else if (strcmp(*argv, "lmtp") == 0)
+				starttls_proto = PROTO_LMTP;
 			else if (strcmp(*argv, "pop3") == 0)
 				starttls_proto = PROTO_POP3;
 			else if (strcmp(*argv, "imap") == 0)
@@ -1287,7 +1289,7 @@ re_start:
 	 * push a buffering BIO into the chain that is removed again later on
 	 * to not disturb the rest of the s_client operation.
 	 */
-	if (starttls_proto == PROTO_SMTP) {
+	if (starttls_proto == PROTO_SMTP || starttls_proto == PROTO_LMTP) {
 		int foundit = 0;
 		BIO *fbio = BIO_new(BIO_f_buffer());
 		BIO_push(fbio, sbio);
@@ -1297,7 +1299,8 @@ re_start:
 		}
 		while (mbuf_len > 3 && mbuf[3] == '-');
 		/* STARTTLS command requires EHLO... */
-		BIO_printf(fbio, "EHLO openssl.client.net\r\n");
+		BIO_printf(fbio, "%cHLO openssl.client.net\r\n",
+			   starttls_proto == PROTO_SMTP ? 'E' : 'L');
 		(void) BIO_flush(fbio);
 		/* wait for multi-line response to end EHLO SMTP response */
 		do {
diff --git a/lib/libssl/src/apps/s_server.c b/lib/libssl/src/apps/s_server.c
index 27925b492d9..a84b822538a 100644
--- a/lib/libssl/src/apps/s_server.c
+++ b/lib/libssl/src/apps/s_server.c
@@ -525,7 +525,6 @@ sv_usage(void)
 	BIO_printf(bio_err, "                 not specified (default is %s)\n", TEST_CERT2);
 	BIO_printf(bio_err, " -tlsextdebug  - hex dump of all TLS extensions received\n");
 	BIO_printf(bio_err, " -no_ticket    - disable use of RFC4507bis session tickets\n");
-	BIO_printf(bio_err, " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n");
 #ifndef OPENSSL_NO_NEXTPROTONEG
 	BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n");
 #endif
@@ -904,7 +903,7 @@ s_server_main(int argc, char *argv[])
 		else if (strcmp(*argv, "-serverpref") == 0) {
 			off |= SSL_OP_CIPHER_SERVER_PREFERENCE;
 		} else if (strcmp(*argv, "-legacy_renegotiation") == 0)
-			off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION;
+			; /* no-op */
 		else if (strcmp(*argv, "-cipher") == 0) {
 			if (--argc < 1)
 				goto bad;
diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
index fded0601b56..d9322825514 100644
--- a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
+++ b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod
@@ -216,8 +216,10 @@ not be used by clients or servers.
 
 =item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION
 
-Allow legacy insecure renegotiation between OpenSSL and unpatched clients or
-servers. See the B<SECURE RENEGOTIATION> section for more details.
+As of OpenBSD 5.6, this option has no effect.
+In previous versions it allowed legacy insecure renegotiation between
+OpenSSL and unpatched clients or servers.
+See the B<SECURE RENEGOTIATION> section for more details.
 
 =item SSL_OP_LEGACY_SERVER_CONNECT
 
@@ -258,9 +260,6 @@ If the patched OpenSSL server attempts to renegotiate a fatal
 B<handshake_failure> alert is sent. This is because the server code may be
 unaware of the unpatched nature of the client.
 
-If the option B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then
-renegotiation B<always> succeeds.
-
 B<NB:> a bug in OpenSSL clients earlier than 0.9.8m (all of which are
 unpatched) will result in the connection hanging if it receives a
 B<no_renegotiation> alert. OpenSSL versions 0.9.8m and later will regard
@@ -271,8 +270,7 @@ was refused.
 
 =head2 Patched OpenSSL client and unpatched server.
 
-If the option B<SSL_OP_LEGACY_SERVER_CONNECT> or
-B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> is set then initial connections
+If the option B<SSL_OP_LEGACY_SERVER_CONNECT> is set then initial connections
 and renegotiation between patched OpenSSL clients and unpatched servers
 succeeds. If neither option is set then initial connections to unpatched
 servers will fail.
@@ -295,13 +293,6 @@ unpatched servers (and thus avoid any security issues) should always B<clear>
 B<SSL_OP_LEGACY_SERVER_CONNECT> using SSL_CTX_clear_options() or
 SSL_clear_options().
 
-The difference between the B<SSL_OP_LEGACY_SERVER_CONNECT> and
-B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> options is that
-B<SSL_OP_LEGACY_SERVER_CONNECT> enables initial connections and secure
-renegotiation between OpenSSL clients and unpatched servers B<only>, while
-B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> allows initial connections
-and renegotiation between OpenSSL and unpatched clients or servers.
-
 =head1 RETURN VALUES
 
 SSL_CTX_set_options() and SSL_set_options() return the new options bitmask
@@ -344,4 +335,7 @@ B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>, B<SSL_OP_LEGACY_SERVER_CONNECT>
 and the function SSL_get_secure_renegotiation_support() were first added in
 OpenSSL 0.9.8m.
 
+B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION> was changed to have no effect
+in OpenBSD 5.6.
+
 =cut
diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c
index e901268a341..ec73ef50bd9 100644
--- a/lib/libssl/src/ssl/s3_pkt.c
+++ b/lib/libssl/src/ssl/s3_pkt.c
@@ -1095,8 +1095,7 @@ start:
 	    (s->version > SSL3_VERSION) &&
 	    (s->s3->handshake_fragment_len >= 4) &&
 	    (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) &&
-	    (s->session != NULL) && (s->session->cipher != NULL) &&
-	    !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) {
+	    (s->session != NULL) && (s->session->cipher != NULL)) {
 		/*s->s3->handshake_fragment_len = 0;*/
 		rr->length = 0;
 		ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION);