From 4a5070f579eeac314136c9f15b58ae4f9baec16d Mon Sep 17 00:00:00 2001 From: guenther Date: Fri, 18 Apr 2014 15:39:53 +0000 Subject: [PATCH] Finish zapping SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION usage; only keep the #define for compat, but document that it's a no-op now. Also, neuter the -legacy_renegotiation option to "openssl s_{client,server}" ok beck@ --- lib/libssl/s3_pkt.c | 3 +-- lib/libssl/src/apps/s_client.c | 13 ++++++----- lib/libssl/src/apps/s_server.c | 3 +-- .../src/doc/ssl/SSL_CTX_set_options.pod | 22 +++++++------------ lib/libssl/src/ssl/s3_pkt.c | 3 +-- 5 files changed, 19 insertions(+), 25 deletions(-) diff --git a/lib/libssl/s3_pkt.c b/lib/libssl/s3_pkt.c index e901268a341..ec73ef50bd9 100644 --- a/lib/libssl/s3_pkt.c +++ b/lib/libssl/s3_pkt.c @@ -1095,8 +1095,7 @@ start: (s->version > SSL3_VERSION) && (s->s3->handshake_fragment_len >= 4) && (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && - (s->session != NULL) && (s->session->cipher != NULL) && - !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { + (s->session != NULL) && (s->session->cipher != NULL)) { /*s->s3->handshake_fragment_len = 0;*/ rr->length = 0; ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); diff --git a/lib/libssl/src/apps/s_client.c b/lib/libssl/src/apps/s_client.c index 4290548de51..cbdba2ae520 100644 --- a/lib/libssl/src/apps/s_client.c +++ b/lib/libssl/src/apps/s_client.c @@ -334,7 +334,7 @@ sc_usage(void) BIO_printf(bio_err, " -starttls prot - use the STARTTLS command before starting TLS\n"); BIO_printf(bio_err, " for those protocols that support it, where\n"); BIO_printf(bio_err, " 'prot' defines which one to assume. Currently,\n"); - BIO_printf(bio_err, " only \"smtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); + BIO_printf(bio_err, " only \"smtp\", \"lmtp\", \"pop3\", \"imap\", \"ftp\" and \"xmpp\"\n"); BIO_printf(bio_err, " are supported.\n"); #ifndef OPENSSL_NO_ENGINE BIO_printf(bio_err, " -engine id - Initialise and use the specified engine\n"); @@ -351,7 +351,6 @@ sc_usage(void) BIO_printf(bio_err, " -nextprotoneg arg - enable NPN extension, considering named protocols supported (comma-separated list)\n"); #endif #endif - BIO_printf(bio_err, " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); #ifndef OPENSSL_NO_SRTP BIO_printf(bio_err, " -use_srtp profiles - Offer SRTP key management with a colon-separated profile list\n"); #endif @@ -535,6 +534,7 @@ next_proto_cb(SSL * s, unsigned char **out, unsigned char *outlen, const unsigne enum { PROTO_OFF = 0, PROTO_SMTP, + PROTO_LMTP, PROTO_POP3, PROTO_IMAP, PROTO_FTP, @@ -832,7 +832,7 @@ s_client_main(int argc, char **argv) else if (strcmp(*argv, "-serverpref") == 0) off |= SSL_OP_CIPHER_SERVER_PREFERENCE; else if (strcmp(*argv, "-legacy_renegotiation") == 0) - off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; + ; /* no-op */ else if (strcmp(*argv, "-legacy_server_connect") == 0) { off |= SSL_OP_LEGACY_SERVER_CONNECT; } else if (strcmp(*argv, "-no_legacy_server_connect") == 0) { @@ -853,6 +853,8 @@ s_client_main(int argc, char **argv) ++argv; if (strcmp(*argv, "smtp") == 0) starttls_proto = PROTO_SMTP; + else if (strcmp(*argv, "lmtp") == 0) + starttls_proto = PROTO_LMTP; else if (strcmp(*argv, "pop3") == 0) starttls_proto = PROTO_POP3; else if (strcmp(*argv, "imap") == 0) @@ -1287,7 +1289,7 @@ re_start: * push a buffering BIO into the chain that is removed again later on * to not disturb the rest of the s_client operation. */ - if (starttls_proto == PROTO_SMTP) { + if (starttls_proto == PROTO_SMTP || starttls_proto == PROTO_LMTP) { int foundit = 0; BIO *fbio = BIO_new(BIO_f_buffer()); BIO_push(fbio, sbio); @@ -1297,7 +1299,8 @@ re_start: } while (mbuf_len > 3 && mbuf[3] == '-'); /* STARTTLS command requires EHLO... */ - BIO_printf(fbio, "EHLO openssl.client.net\r\n"); + BIO_printf(fbio, "%cHLO openssl.client.net\r\n", + starttls_proto == PROTO_SMTP ? 'E' : 'L'); (void) BIO_flush(fbio); /* wait for multi-line response to end EHLO SMTP response */ do { diff --git a/lib/libssl/src/apps/s_server.c b/lib/libssl/src/apps/s_server.c index 27925b492d9..a84b822538a 100644 --- a/lib/libssl/src/apps/s_server.c +++ b/lib/libssl/src/apps/s_server.c @@ -525,7 +525,6 @@ sv_usage(void) BIO_printf(bio_err, " not specified (default is %s)\n", TEST_CERT2); BIO_printf(bio_err, " -tlsextdebug - hex dump of all TLS extensions received\n"); BIO_printf(bio_err, " -no_ticket - disable use of RFC4507bis session tickets\n"); - BIO_printf(bio_err, " -legacy_renegotiation - enable use of legacy renegotiation (dangerous)\n"); #ifndef OPENSSL_NO_NEXTPROTONEG BIO_printf(bio_err, " -nextprotoneg arg - set the advertised protocols for the NPN extension (comma-separated list)\n"); #endif @@ -904,7 +903,7 @@ s_server_main(int argc, char *argv[]) else if (strcmp(*argv, "-serverpref") == 0) { off |= SSL_OP_CIPHER_SERVER_PREFERENCE; } else if (strcmp(*argv, "-legacy_renegotiation") == 0) - off |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; + ; /* no-op */ else if (strcmp(*argv, "-cipher") == 0) { if (--argc < 1) goto bad; diff --git a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod index fded0601b56..d9322825514 100644 --- a/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod +++ b/lib/libssl/src/doc/ssl/SSL_CTX_set_options.pod @@ -216,8 +216,10 @@ not be used by clients or servers. =item SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION -Allow legacy insecure renegotiation between OpenSSL and unpatched clients or -servers. See the B section for more details. +As of OpenBSD 5.6, this option has no effect. +In previous versions it allowed legacy insecure renegotiation between +OpenSSL and unpatched clients or servers. +See the B section for more details. =item SSL_OP_LEGACY_SERVER_CONNECT @@ -258,9 +260,6 @@ If the patched OpenSSL server attempts to renegotiate a fatal B alert is sent. This is because the server code may be unaware of the unpatched nature of the client. -If the option B is set then -renegotiation B succeeds. - B a bug in OpenSSL clients earlier than 0.9.8m (all of which are unpatched) will result in the connection hanging if it receives a B alert. OpenSSL versions 0.9.8m and later will regard @@ -271,8 +270,7 @@ was refused. =head2 Patched OpenSSL client and unpatched server. -If the option B or -B is set then initial connections +If the option B is set then initial connections and renegotiation between patched OpenSSL clients and unpatched servers succeeds. If neither option is set then initial connections to unpatched servers will fail. @@ -295,13 +293,6 @@ unpatched servers (and thus avoid any security issues) should always B B using SSL_CTX_clear_options() or SSL_clear_options(). -The difference between the B and -B options is that -B enables initial connections and secure -renegotiation between OpenSSL clients and unpatched servers B, while -B allows initial connections -and renegotiation between OpenSSL and unpatched clients or servers. - =head1 RETURN VALUES SSL_CTX_set_options() and SSL_set_options() return the new options bitmask @@ -344,4 +335,7 @@ B, B and the function SSL_get_secure_renegotiation_support() were first added in OpenSSL 0.9.8m. +B was changed to have no effect +in OpenBSD 5.6. + =cut diff --git a/lib/libssl/src/ssl/s3_pkt.c b/lib/libssl/src/ssl/s3_pkt.c index e901268a341..ec73ef50bd9 100644 --- a/lib/libssl/src/ssl/s3_pkt.c +++ b/lib/libssl/src/ssl/s3_pkt.c @@ -1095,8 +1095,7 @@ start: (s->version > SSL3_VERSION) && (s->s3->handshake_fragment_len >= 4) && (s->s3->handshake_fragment[0] == SSL3_MT_CLIENT_HELLO) && - (s->session != NULL) && (s->session->cipher != NULL) && - !(s->ctx->options & SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION)) { + (s->session != NULL) && (s->session->cipher != NULL)) { /*s->s3->handshake_fragment_len = 0;*/ rr->length = 0; ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_NO_RENEGOTIATION); -- 2.20.1