On Fri, Jun 10, 2022 at 07:17:45AM -0400, Wietse Venema wrote: > Specifically, google 0A000126, the first result is PHP issue 8369a > which links to https://github.com/openssl/openssl/issues/11378. The > latter had a breaking fix, backed it out for OpenSSL 1.1.1, but > kept it in the branch that become OpenSSL 3.
I guess that makes for a bit of bitrot to handle in the Postfix TLS layer. We need to add "SSL_OP_IGNORE_UNEXPECTED_EOF" to the SSL options when defined (OpenSSL 3.0 and later). -- Viktor. --- src/tls/tls.h +++ src/tls/tls.h @@ -387,6 +387,13 @@ extern void tls_param_init(void); #define SSL_OP_NO_TLSv1_3 0L /* Noop */ #endif +/* + * Always used when defined, SMTP has no trucation attacks. + */ +#ifndef SSL_OP_IGNORE_UNEXPECTED_EOF +#define SSL_OP_IGNORE_UNEXPECTED_EOF 0L +#endif + #define TLS_KNOWN_PROTOCOLS \ ( TLS_PROTOCOL_SSLv2 | TLS_PROTOCOL_SSLv3 | TLS_PROTOCOL_TLSv1 \ | TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3 ) @@ -403,7 +410,8 @@ extern void tls_param_init(void); * just exposed via hex codes or named elements of tls_ssl_options. */ #define TLS_SSL_OP_MANAGED_BITS \ - (SSL_OP_CIPHER_SERVER_PREFERENCE | TLS_SSL_OP_PROTOMASK(~0)) + (SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_IGNORE_UNEXPECTED_EOF | \ + TLS_SSL_OP_PROTOMASK(~0)) extern int tls_proto_mask_lims(const char *, int *, int *); --- src/tls/tls_client.c +++ src/tls/tls_client.c @@ -713,6 +713,16 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props) } tls_dane_digest_init(client_ctx, fpt_alg); + /* + * Presently we use TLS only with SMTP where truncation attacks are not + * possible as a result of application framing. If we ever use TLS in + * some other application protocol where truncation could be relevant, + * we'd need to disable truncation detection conditionally, or expcitly + * clear the option in that code path. + * + */ + off |= SSL_OP_IGNORE_UNEXPECTED_EOF; + /* * Protocol selection is destination dependent, so we delay the protocol * selection options to the per-session SSL object. --- src/tls/tls_server.c +++ src/tls/tls_server.c @@ -512,6 +512,16 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) if (scache_timeout <= 0) cachable = 0; + /* + * Presently we use TLS only with SMTP where truncation attacks are not + * possible as a result of application framing. If we ever use TLS in + * some other application protocol where truncation could be relevant, + * we'd need to disable truncation detection conditionally, or expcitly + * clear the option in that code path. + * + */ + off |= SSL_OP_IGNORE_UNEXPECTED_EOF; + /* * Protocol work-arounds, OpenSSL version dependent. */