Diffstat (limited to 'src/lib/libssl/ssl_pkt.c')
-rw-r--r--src/lib/libssl/ssl_pkt.c47
1 files changed, 2 insertions, 45 deletions
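diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 7032175aac..6440ef210f 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.69 2025/03/12 14:03:55 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.72 2026/04/03 13:11:00 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -350,15 +350,8 @@ ssl3_get_record(SSL *s)
  if (n <= 0)
  return (n);
 
- s->mac_packet = 1;
  s->rstate = SSL_ST_READ_BODY;
 
- if (s->server && s->first_packet) {
- if ((ret = ssl_server_legacy_first_packet(s)) != 1)
- return (ret);
- ret = -1;
- }
-
  CBS_init(&header, s->packet, SSL3_RT_HEADER_LENGTH);
 
  /* Pull apart the header into the SSL3_RECORD_INTERNAL */
@@ -513,16 +506,8 @@ ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
  }
 
  if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA &&
- (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
- /*
- * Next chunk of data should get another prepended
- * empty fragment in ciphersuites with known-IV
- * weakness.
- */
- s->s3->empty_fragment_done = 0;
-
+ (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
  return tot + i;
- }
 
  n -= i;
  tot += i;
@@ -533,8 +518,6 @@ static int
 do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 {
  SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf);
- SSL_SESSION *sess = s->session;
- int need_empty_fragment = 0;
  size_t align, out_len;
  CBB cbb;
  int ret;
@@ -567,26 +550,7 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
  if (len == 0)
  return 0;
 
- /*
- * Countermeasure against known-IV weakness in CBC ciphersuites
- * (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this
- * is unnecessary for AEAD.
- */
- if (sess != NULL && tls12_record_layer_write_protected(s->rl)) {
- if (s->s3->need_empty_fragments &&
- !s->s3->empty_fragment_done &&
- type == SSL3_RT_APPLICATION_DATA)
- need_empty_fragment = 1;
- }
-
- /*
- * An extra fragment would be a couple of cipher blocks, which would
- * be a multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real
- * payload, then we can just simply pretend we have two headers.
- */
  align = (size_t)wb->buf + SSL3_RT_HEADER_LENGTH;
- if (need_empty_fragment)
- align += SSL3_RT_HEADER_LENGTH;
  align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
  wb->offset = align;
 
@@ -595,13 +559,6 @@ do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
 
  tls12_record_layer_set_version(s->rl, s->version);
 
- if (need_empty_fragment) {
- if (!tls12_record_layer_seal_record(s->rl, type,
- buf, 0, &cbb))
- goto err;
- s->s3->empty_fragment_done = 1;
- }
-
  if (!tls12_record_layer_seal_record(s->rl, type, buf, len, &cbb))
  goto err;
 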
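Review bot: After this change do_ssl3_write seals only the caller's record, so nothing in this file still covers the known-IV CBC weakness that the deleted comment described; that is safe only if an implicit-IV CBC ciphersuite (TLS 1.0) can no longer be negotiated on this path, which is presumably enforced elsewhere but is not visible in these hunks. I would record that invariant above the remaining `tls12_record_layer_seal_record(s->rl, type, buf, len, &cbb)` call, for example `/* No empty-fragment countermeasure: implicit-IV CBC is not negotiable here. */`, once it is confirmed against the version negotiation code. The dropped `ssl_server_legacy_first_packet(s)` call in ssl3_get_record deserves the same check, since a server's first record now goes straight to header parsing. Both function bodies start and end outside the hunks shown.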