diff --git a/postfix/HISTORY b/postfix/HISTORY index e412ef54c..b93da842b 100644 --- a/postfix/HISTORY +++ b/postfix/HISTORY @@ -26777,3 +26777,12 @@ Apologies for any names omitted. Minor wordsmithing. Files: text in proto/postconf.proto, warning message tls.tls_dh.c. + +20230115 + Workaround for a breaking change in OpenSSL 3: always turn + on SSL_OP_IGNORE_UNEXPECTED_EOF, to avoid warning messages + and missed opportunities for TLS session reuse. This is + safe because the SMTP protocol implements application-level + framing, and is therefore not affected by TLS truncation + attacks. Fix by Viktor Dukhovni. Files: tls/tls.h, tls_client.c, + tls/tls_server.c. diff --git a/postfix/proto/stop.double-history b/postfix/proto/stop.double-history index 8bab91402..072374f68 100644 --- a/postfix/proto/stop.double-history +++ b/postfix/proto/stop.double-history @@ -15,3 +15,4 @@ proto postconf proto src tlsproxy tlsproxy c src smtpd smtpd c src tls tls h src tls tls_proxy_client_misc c src tls tls_misc c src global mail_params h src smtp smtp c + attacks Fix by Viktor Dukhovni Files tls tls h tls_client c diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h index 687370c47..07663c44a 100644 --- a/postfix/src/global/mail_version.h +++ b/postfix/src/global/mail_version.h @@ -20,7 +20,7 @@ * Patches change both the patchlevel and the release date. Snapshots have no * patchlevel; they change the release date only. */ -#define MAIL_RELEASE_DATE "20230108" +#define MAIL_RELEASE_DATE "20230121" #define MAIL_VERSION_NUMBER "3.8" #ifdef SNAPSHOT diff --git a/postfix/src/tls/tls.h b/postfix/src/tls/tls.h index c98d828e5..00515ee93 100644 --- a/postfix/src/tls/tls.h +++ b/postfix/src/tls/tls.h @@ -387,6 +387,13 @@ extern void tls_param_init(void); #define SSL_OP_NO_TLSv1_3 0L /* Noop */ #endif +/* + * Always used when defined, SMTP has no truncation attacks. + */ +#ifndef SSL_OP_IGNORE_UNEXPECTED_EOF +#define SSL_OP_IGNORE_UNEXPECTED_EOF 0L +#endif + #define TLS_KNOWN_PROTOCOLS \ ( TLS_PROTOCOL_SSLv2 | TLS_PROTOCOL_SSLv3 | TLS_PROTOCOL_TLSv1 \ | TLS_PROTOCOL_TLSv1_1 | TLS_PROTOCOL_TLSv1_2 | TLS_PROTOCOL_TLSv1_3 ) @@ -403,7 +410,8 @@ extern void tls_param_init(void); * just exposed via hex codes or named elements of tls_ssl_options. */ #define TLS_SSL_OP_MANAGED_BITS \ - (SSL_OP_CIPHER_SERVER_PREFERENCE | TLS_SSL_OP_PROTOMASK(~0)) + (SSL_OP_CIPHER_SERVER_PREFERENCE | SSL_OP_IGNORE_UNEXPECTED_EOF | \ + TLS_SSL_OP_PROTOMASK(~0)) extern int tls_proto_mask_lims(const char *, int *, int *); diff --git a/postfix/src/tls/tls_client.c b/postfix/src/tls/tls_client.c index 4ffb0901c..d63d65023 100644 --- a/postfix/src/tls/tls_client.c +++ b/postfix/src/tls/tls_client.c @@ -713,6 +713,15 @@ TLS_APPL_STATE *tls_client_init(const TLS_CLIENT_INIT_PROPS *props) } tls_dane_digest_init(client_ctx, fpt_alg); + /* + * Presently we use TLS only with SMTP where truncation attacks are not + * possible as a result of application framing. If we ever use TLS in + * some other application protocol where truncation could be relevant, + * we'd need to disable truncation detection conditionally, or explicitly + * clear the option in that code path. + */ + off |= SSL_OP_IGNORE_UNEXPECTED_EOF; + /* * Protocol selection is destination dependent, so we delay the protocol * selection options to the per-session SSL object. diff --git a/postfix/src/tls/tls_server.c b/postfix/src/tls/tls_server.c index 6caf3ab54..b76cfbc70 100644 --- a/postfix/src/tls/tls_server.c +++ b/postfix/src/tls/tls_server.c @@ -512,6 +512,15 @@ TLS_APPL_STATE *tls_server_init(const TLS_SERVER_INIT_PROPS *props) if (scache_timeout <= 0) cachable = 0; + /* + * Presently we use TLS only with SMTP where truncation attacks are not + * possible as a result of application framing. If we ever use TLS in + * some other application protocol where truncation could be relevant, + * we'd need to disable truncation detection conditionally, or explicitly + * clear the option in that code path. + */ + off |= SSL_OP_IGNORE_UNEXPECTED_EOF; + /* * Protocol work-arounds, OpenSSL version dependent. */