Allow zero-byte writes to be reported as success.

When using KTLS, empty fragments sent as a mitigation for known-IV
weakenesses in TLS 1.0 are sent as writes of 0 bytes.  The TLS header
and trailer are added to the empty fragment by the kernel.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/13090)

diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 0d9228c6709fbf2d2cd2e21c399c7428be222475..9fadeba62da56bd1a0e61b736c80a373c7464fa5 100644 (file)
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1206,7 +1206,15 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
             SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BIO_NOT_SET);
             i = -1;
         }
-        if (i > 0 && tmpwrit == SSL3_BUFFER_get_left(&wb[currbuf])) {
+
+       /*
+        * When an empty fragment is sent on a connection using KTLS,
+        * it is sent as a write of zero bytes.  If this zero byte
+        * write succeeds, i will be 0 rather than a non-zero value.
+        * Treat i == 0 as success rather than an error for zero byte
+        * writes to permit this case.
+        */
+        if (i >= 0 && tmpwrit == SSL3_BUFFER_get_left(&wb[currbuf])) {
             SSL3_BUFFER_set_left(&wb[currbuf], 0);
             SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit);
             if (currbuf + 1 < s->rlayer.numwpipes)