authorJohn Baldwin <jhb@FreeBSD.org>2020-10-07 14:34:19 -0700
committerBenjamin Kaduk <kaduk@mit.edu>2020-11-28 18:36:15 -0800
commit410f5bb18908d89e5e35339049adf4070925faec (patch)
tree44e5a5fe61c978f8790469c72862b6871b3d4793 /ssl/record
parentd27a8e922ba0b5357abf435cca75b5fe133cfe94 (diff)
Allow zero-byte writes to be reported as success.
When using KTLS, empty fragments sent as a mitigation for known-IV weaknesses in TLS 1.0 are sent as writes of 0 bytes. The TLS header and trailer are added to the empty fragment by the kernel. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/13090)
Diffstat (limited to 'ssl/record')
-rw-r--r--ssl/record/rec_layer_s3.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/ssl/record/rec_layer_s3.c b/ssl/record/rec_layer_s3.c
index 0d9228c670..9fadeba62d 100644
--- a/ssl/record/rec_layer_s3.c
+++ b/ssl/record/rec_layer_s3.c
@@ -1206,7 +1206,15 @@ int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, size_t len,
SSLfatal(s, SSL_AD_INTERNAL_ERROR, SSL_R_BIO_NOT_SET);
i = -1;
}
- if (i > 0 && tmpwrit == SSL3_BUFFER_get_left(&wb[currbuf])) {
+
+ /*
+ * When an empty fragment is sent on a connection using KTLS,
+ * it is sent as a write of zero bytes. If this zero byte
+ * write succeeds, i will be 0 rather than a non-zero value.
+ * Treat i == 0 as success rather than an error for zero byte
+ * writes to permit this case.
+ */
+ if (i >= 0 && tmpwrit == SSL3_BUFFER_get_left(&wb[currbuf])) {
SSL3_BUFFER_set_left(&wb[currbuf], 0);
SSL3_BUFFER_add_offset(&wb[currbuf], tmpwrit);
if (currbuf + 1 < s->rlayer.numwpipes)
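Review bot: The relaxed test `i >= 0` applies to every connection, not only the KTLS ones the new comment describes, so the comment understates what the condition now accepts. A zero return is treated as success only because of the `tmpwrit == SSL3_BUFFER_get_left(&wb[currbuf])` comparison, which presumably requires `tmpwrit` to be 0 whenever `i` is 0; that assignment is outside the hunk and is worth confirming. I would extend the comment with a line such as `* Only a buffer with nothing left to send can match when i == 0; a zero return with data still pending is not reported as success.` so that a later edit to the comparison does not turn a stalled write into silent data loss. ssl3_write_pending begins and ends outside the hunk.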