Re: What is happening here? (TLS Library Problem)

Fri, 10 Jun 2022 06:00:57 -0700 

On Fri, Jun 10, 2022 at 07:17:45AM -0400, Wietse Venema wrote:

> Specifically, google 0A000126, the first result is PHP issue 8369a
> which links to https://github.com/openssl/openssl/issues/11378. The
> latter had a breaking fix, backed it out for OpenSSL 1.1.1, but
> kept it in the branch that become OpenSSL 3.

I guess that makes for a bit of bitrot to handle in the Postfix TLS
layer.  We need to add "SSL_OP_IGNORE_UNEXPECTED_EOF" to the SSL options
when defined (OpenSSL 3.0 and later).

-- 
    Viktor.

--- src/tls/tls.h
+++ src/tls/tls.h
@@ -387,6 +387,13 @@ extern void tls_param_init(void);
 #define SSL_OP_NO_TLSv1_3      0L      /* Noop */
 #endif
 
+/*
+ * Always used when defined, SMTP has no trucation attacks.
+ */
+#ifndef SSL_OP_IGNORE_UNEXPECTED_EOF
+#define SSL_OP_IGNORE_UNEXPECTED_EOF    0L
+#endif
+
 #define TLS_KNOWN_PROTOCOLS \
        ( TLS_PROTOCOL_SSLv2 | TLS_PROTOCOL_SSLv3 | TLS_PROTOCOL_TLSv1 \
           | TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3 
)
@@ -403,7 +410,8 @@ extern void tls_param_init(void);
  * just exposed via hex codes or named elements of tls_ssl_options.
  */
 #define TLS_SSL_OP_MANAGED_BITS \
-       (SSL_OP_CIPHER_SERVER_PREFERENCE | TLS_SSL_OP_PROTOMASK(~0))
+       (SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_IGNORE_UNEXPECTED_EOF | \
+        TLS_SSL_OP_PROTOMASK(~0))
 
 extern int tls_proto_mask_lims(const char *, int *, int *);
 
--- src/tls/tls_client.c
+++ src/tls/tls_client.c
@@ -713,6 +713,16 @@ TLS_APPL_STATE *tls_client_init(const 
TLS_CLIENT_INIT_PROPS *props)
     }
     tls_dane_digest_init(client_ctx, fpt_alg);
 
+    /*
+     * Presently we use TLS only with SMTP where truncation attacks are not
+     * possible as a result of application framing.  If we ever use TLS in
+     * some other application protocol where truncation could be relevant,
+     * we'd need to disable truncation detection conditionally, or expcitly
+     * clear the option in that code path.
+     *
+     */
+    off |= SSL_OP_IGNORE_UNEXPECTED_EOF;
+
     /*
      * Protocol selection is destination dependent, so we delay the protocol
      * selection options to the per-session SSL object.
--- src/tls/tls_server.c
+++ src/tls/tls_server.c
@@ -512,6 +512,16 @@ TLS_APPL_STATE *tls_server_init(const 
TLS_SERVER_INIT_PROPS *props)
     if (scache_timeout <= 0)
        cachable = 0;
 
+    /*
+     * Presently we use TLS only with SMTP where truncation attacks are not
+     * possible as a result of application framing.  If we ever use TLS in
+     * some other application protocol where truncation could be relevant,
+     * we'd need to disable truncation detection conditionally, or expcitly
+     * clear the option in that code path.
+     *
+     */
+    off |= SSL_OP_IGNORE_UNEXPECTED_EOF;
+
     /*
      * Protocol work-arounds, OpenSSL version dependent.
      */

Reply via email to