4 files changed, 8 insertions, 15 deletions

diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
index 995f1c4601..5a704233c9 100644
--- a/src/lib/libssl/ssl_both.c
+++ b/src/lib/libssl/ssl_both.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_both.c,v 1.47 2024/02/03 15:58:33 beck Exp $ */
+/* $OpenBSD: ssl_both.c,v 1.48 2026/04/03 07:17:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -358,14 +358,11 @@ ssl3_get_message(SSL *s, int st1, int stn, int mt, long max)
         }
 
         /* Feed this message into MAC computation. */
-        if (s->mac_packet) {
-                tls1_transcript_record(s, (unsigned char *)s->init_buf->data,
-                    s->init_num + SSL3_HM_HEADER_LENGTH);
+        tls1_transcript_record(s, (unsigned char *)s->init_buf->data,
+            s->init_num + SSL3_HM_HEADER_LENGTH);
 
-                ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE,
-                    s->init_buf->data,
-                    (size_t)s->init_num + SSL3_HM_HEADER_LENGTH);
-        }
+        ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE, s->init_buf->data,
+            (size_t)s->init_num + SSL3_HM_HEADER_LENGTH);
 
         return 1;
 
diff --git a/src/lib/libssl/ssl_local.h b/src/lib/libssl/ssl_local.h
index 7942c36dbd..45e57ead9e 100644
--- a/src/lib/libssl/ssl_local.h
+++ b/src/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.35 2025/12/04 21:16:17 beck Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.36 2026/04/03 07:17:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1057,8 +1057,6 @@ struct ssl_st {
 
         int rstate;     /* where we are when reading */
 
-        int mac_packet;
-
         int empty_record_count;
 
         size_t num_tickets; /* Unused, for OpenSSL compatibility */
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
index 7032175aac..d2921228c1 100644
--- a/src/lib/libssl/ssl_pkt.c
+++ b/src/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.69 2025/03/12 14:03:55 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.70 2026/04/03 07:17:36 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -350,7 +350,6 @@ ssl3_get_record(SSL *s)
                 if (n <= 0)
                         return (n);
 
-                s->mac_packet = 1;
                 s->rstate = SSL_ST_READ_BODY;
 
                 if (s->server && s->first_packet) {
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
index 6c33eccc61..6a06330b22 100644
--- a/src/lib/libssl/tls13_legacy.c
+++ b/src/lib/libssl/tls13_legacy.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_legacy.c,v 1.44 2024/01/30 14:50:50 jsing Exp $ */
+/*      $OpenBSD: tls13_legacy.c,v 1.45 2026/04/03 07:17:36 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  *
@@ -353,7 +353,6 @@ tls13_use_legacy_stack(struct tls13_ctx *ctx)
                 s->rstate = SSL_ST_READ_BODY;
                 s->packet = s->s3->rbuf.buf;
                 s->packet_length = SSL3_RT_HEADER_LENGTH;
-                s->mac_packet = 1;
         }
 
         /* Stash the current handshake message. */