From: Matt Caswell <matt@openssl.org>
Date: Tue, 30 Aug 2022 15:04:31 +0000 (+0100)
Subject: Remove empty_fragment_done
X-Git-Tag: openssl-3.2.0-alpha1~2032
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=91141aa1b0ff9d92323e2545bb9f6f0d1e2a8844;p=thirdparty%2Fopenssl.git

Remove empty_fragment_done

Now that we are no longer recursively addinng the prefix record this
doesn't seem necessary any more. We always add it every time we do
tls_write_records.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)
---

diff --git a/ssl/record/methods/tls_common.c b/ssl/record/methods/tls_common.c
index 01bfd477d92..0f094abf7ff 100644
--- a/ssl/record/methods/tls_common.c
+++ b/ssl/record/methods/tls_common.c
@@ -1442,7 +1442,6 @@ int tls_write_records(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates,
      */
     prefix = s->s3.need_empty_fragments
              && !clear
-             && !s->s3.empty_fragment_done
              && templates[0].type == SSL3_RT_APPLICATION_DATA;
 
     if (rl->numwpipes < numtempl + prefix) {
@@ -1473,9 +1472,6 @@ int tls_write_records(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates,
         prefixtempl.type = SSL3_RT_APPLICATION_DATA;
         wpinited = 1;
 
-        /* TODO(RECLAYER): Do we actually need this? */
-        s->s3.empty_fragment_done = 1;
-
         wb = &rl->wbuf[0];
         /* TODO(RECLAYER): This alignment calculation no longer seems right */
 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
@@ -1897,11 +1893,6 @@ int tls_retry_write_records(OSSL_RECORD_LAYER *rl)
             if (++(rl->nextwbuf) < rl->numwpipes)
                 continue;
             s->rwstate = SSL_NOTHING;
-            /*
-             * Next chunk of data should get another prepended empty fragment
-             * in ciphersuites with known-IV weakness:
-             */
-            s->s3.empty_fragment_done = 0;
 
             if (rl->nextwbuf == rl->numwpipes
                     && (rl->mode & SSL_MODE_RELEASE_BUFFERS) != 0)
diff --git a/ssl/ssl_local.h b/ssl/ssl_local.h
index e1c90cfca49..c8e8d9f4475 100644
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@@ -1298,7 +1298,6 @@ struct ssl_connection_st {
         unsigned char client_random[SSL3_RANDOM_SIZE];
         /* flags for countermeasure against known-IV weakness */
         int need_empty_fragments;
-        int empty_fragment_done;
         /* used during startup, digest all incoming/outgoing packets */
         BIO *handshake_buffer;
         /*