From: John Baldwin Date: Wed, 7 Oct 2020 21:34:19 +0000 (-0700) Subject: Allow zero-byte writes to be reported as success. X-Git-Tag: openssl-3.0.0-alpha10~229 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=410f5bb18908d89e5e35339049adf4070925faec;p=thirdparty%2Fopenssl.git Allow zero-byte writes to be reported as success. When using KTLS, empty fragments sent as a mitigation for known-IV weakenesses in TLS 1.0 are sent as writes of 0 bytes. The TLS header and trailer are added to the empty fragment by the kernel. Reviewed-by: Matt Caswell Reviewed-by: Ben Kaduk (Merged from https://github.com/openssl/openssl/pull/13090) --- diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c index 0d9228c6709..9fadeba62da 100644 --- a/ssl/record/rec_layer_s3.c +++ b/ssl/record/rec_layer_s3.c @@ -1206,7 +1206,15 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len, SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BIO_NOT_SET); i = -1; } - if (i > 0 && tmpwrit == SSL3_BUFFER_get_left(&wb[currbuf])) { + + /* + * When an empty fragment is sent on a connection using KTLS, + * it is sent as a write of zero bytes. If this zero byte + * write succeeds, i will be 0 rather than a non-zero value. + * Treat i == 0 as success rather than an error for zero byte + * writes to permit this case. + */ + if (i >= 0 && tmpwrit == SSL3_BUFFER_get_left(&wb[currbuf])) { SSL3_BUFFER_set_left(&wb[currbuf], 0); SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit); if (currbuf + 1 < s->rlayer.numwpipes)