5 files changed, 8 insertions, 80 deletions

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index 48cb6256df..4ad73af722 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.249 2025/10/24 11:36:08 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.250 2026/04/03 13:11:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -369,15 +369,6 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 /* Allow initial connection to servers that don't support RI */
 #define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004L
 
-/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
- * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
- * the workaround is not needed.
- * Unfortunately some broken SSL/TLS implementations cannot handle it
- * at all, which is why it was previously included in SSL_OP_ALL.
- * Now it's not.
- */
-#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L
-
 /* DTLS options */
 #define SSL_OP_NO_QUERY_MTU                             0x00001000L
 /* Turn on Cookie Exchange (on relevant for servers) */
@@ -439,6 +430,7 @@ typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
 #define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x0
 #define SSL_OP_TLS_D5_BUG                               0x0
 #define SSL_OP_TLS_ROLLBACK_BUG                         0x0
+#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x0
 
 /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
  * when just a single record has been written): */
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index 5a704233c9..90f497553b 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.48 2026/04/03 07:17:36 jsing Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.49 2026/04/03 13:11:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -513,7 +513,6 @@ ssl3_setup_read_buffer(SSL *s)
 int
 ssl3_setup_write_buffer(SSL *s)
 {
-        unsigned char *p;
         size_t len, align, headerlen;
 
         if (SSL_is_dtls(s))
@@ -526,13 +525,9 @@ ssl3_setup_write_buffer(SSL *s)
         if (s->s3->wbuf.buf == NULL) {
                 len = s->max_send_fragment +
                     SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
-                if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
-                        len += headerlen + align +
-                            SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
 
-                if ((p = calloc(1, len)) == NULL)
+                if ((s->s3->wbuf.buf = calloc(1, len)) == NULL)
                         goto err;
-                s->s3->wbuf.buf = p;
                 s->s3->wbuf.len = len;
         }
 
diff --git a/src/lib/libssl/ssl_local.h b/src/lib/libssl/ssl_local.h
index 45e57ead9e..6484c8dea3 100644
--- a/src/lib/libssl/ssl_local.h
+++ b/src/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.36 2026/04/03 07:17:36 jsing Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.37 2026/04/03 13:11:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1099,10 +1099,6 @@ typedef struct ssl3_state_st {
         int alert_dispatch;
         unsigned char send_alert[2];
 
-        /* flags for countermeasure against known-IV weakness */
-        int need_empty_fragments;
-        int empty_fragment_done;
-
         /* Unprocessed Alert/Handshake protocol data. */
         struct tls_buffer *alert_fragment;
         struct tls_buffer *handshake_fragment;
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 683dc94a37..6440ef210f 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.71 2026/04/03 07:26:20 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.72 2026/04/03 13:11:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -506,16 +506,8 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
                 }
 
                 if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA &&
-                    (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
-                        /*
-                         * Next chunk of data should get another prepended
-                         * empty fragment in ciphersuites with known-IV
-                         * weakness.
-                         */
-                        s->s3->empty_fragment_done = 0;
-
+                    (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
                         return tot + i;
-                }
 
                 n -= i;
                 tot += i;
@@ -526,8 +518,6 @@ static int
 do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 {
         SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf);
-        SSL_SESSION *sess = s->session;
-        int need_empty_fragment = 0;
         size_t align, out_len;
         CBB cbb;
         int ret;
@@ -560,26 +550,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
         if (len == 0)
                 return 0;
 
-        /*
-         * Countermeasure against known-IV weakness in CBC ciphersuites
-         * (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this
-         * is unnecessary for AEAD.
-         */
-        if (sess != NULL && tls12_record_layer_write_protected(s->rl)) {
-                if (s->s3->need_empty_fragments &&
-                    !s->s3->empty_fragment_done &&
-                    type == SSL3_RT_APPLICATION_DATA)
-                        need_empty_fragment = 1;
-        }
-
-        /*
-         * An extra fragment would be a couple of cipher blocks, which would
-         * be a multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real
-         * payload, then we can just simply pretend we have two headers.
-         */
         align = (size_t)wb->buf + SSL3_RT_HEADER_LENGTH;
-        if (need_empty_fragment)
-                align += SSL3_RT_HEADER_LENGTH;
         align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
         wb->offset = align;
 
@@ -588,13 +559,6 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 
         tls12_record_layer_set_version(s->rl, s->version);
 
-        if (need_empty_fragment) {
-                if (!tls12_record_layer_seal_record(s->rl, type,
-                    buf, 0, &cbb))
-                        goto err;
-                s->s3->empty_fragment_done = 1;
-        }
-
         if (!tls12_record_layer_seal_record(s->rl, type, buf, len, &cbb))
                 goto err;
 
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
index 64e1dd5b63..1a93b0d37e 100644
--- a/src/lib/libssl/t1_enc.c
+++ b/src/lib/libssl/t1_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: t1_enc.c,v 1.158 2024/07/20 04:04:23 jsing Exp $ */
+/* $OpenBSD: t1_enc.c,v 1.159 2026/04/03 13:11:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -389,25 +389,6 @@ tls1_setup_key_block(SSL *s)
         s->s3->hs.tls12.key_block = key_block;
         key_block = NULL;
 
-        if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) &&
-            s->method->version <= TLS1_VERSION) {
-                /*
-                 * Enable vulnerability countermeasure for CBC ciphers with
-                 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
-                 */
-                s->s3->need_empty_fragments = 1;
-
-                if (s->s3->hs.cipher != NULL) {
-                        if (s->s3->hs.cipher->algorithm_enc == SSL_eNULL)
-                                s->s3->need_empty_fragments = 0;
-
-#ifndef OPENSSL_NO_RC4
-                        if (s->s3->hs.cipher->algorithm_enc == SSL_RC4)
-                                s->s3->need_empty_fragments = 0;
-#endif
-                }
-        }
-
         ret = 1;
 
  err: