From cfd9ee66bf60f35bcdec05e44c8c7a558fd25f98 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Fri, 8 Jun 2018 15:55:06 +0200
Subject: record: improve empty message handling in TLS 1.3

Previously, _gnutls_recv_in_buffers() silently discarded empty
messages because such messages are used as a countermeasure to
vulnerabilities in the CBC mode.  In TLS 1.3, however, there are only
AEAD ciphers and such logic is meaningless.  Moreover, in the protocol
it is suggested to send "unexpected_message" alert when receiving
empty messages in certain occasions.  This change moves the empty
message handling to record_add_to_buffers().

Signed-off-by: Daiki Ueno <dueno@redhat.com>
---
 lib/record.c | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)

diff --git a/lib/record.c b/lib/record.c
index be5f867141..a0c9d5cf5a 100644
--- a/lib/record.c
+++ b/lib/record.c
@@ -776,6 +776,20 @@ record_add_to_buffers(gnutls_session_t session,
 	    && (type == GNUTLS_APPLICATION_DATA ||
 		type == GNUTLS_CHANGE_CIPHER_SPEC ||
 		type == GNUTLS_HANDSHAKE)) {
+		if (bufel->msg.size == 0) {
+			if (type == GNUTLS_APPLICATION_DATA) {
+				/* this is needed to distinguish an empty
+				 * message and EOF */
+				ret = GNUTLS_E_AGAIN;
+				goto cleanup;
+			} else {
+				ret =
+				    gnutls_assert_val
+				    (GNUTLS_E_UNEXPECTED_PACKET);
+				goto unexpected_packet;
+			}
+		}
+
 		_gnutls_record_buffer_put(session, type, seq, bufel);
 
 		/* if we received application data as expected then we
@@ -1374,7 +1388,14 @@ _gnutls_recv_in_buffers(gnutls_session_t session, content_type_t type,
  * In that case we go to the beginning and start reading
  * the next packet.
  */
-	if (_mbuffer_get_udata_size(decrypted) == 0) {
+	if (_mbuffer_get_udata_size(decrypted) == 0 &&
+	    /* Under TLS 1.3, there are only AEAD ciphers and this
+	     * logic is meaningless. Moreover, the implementation need
+	     * to send correct alert upon receiving empty messages in
+	     * certain occasions. Skip this and leave
+	     * record_add_to_buffers() to handle the empty
+	     * messages. */
+	    !(vers && vers->tls13_sem)) {
 		_mbuffer_xfree(&decrypted);
 		n_retries++;
 		goto begin;
-- 
cgit v1.2.1