Remove empty_fragment_done
authorMatt Caswell <matt@openssl.org>
Tue, 30 Aug 2022 15:04:31 +0000 (16:04 +0100)
committerMatt Caswell <matt@openssl.org>
Fri, 23 Sep 2022 13:54:49 +0000 (14:54 +0100)
Now that we are no longer recursively adding the prefix record this
doesn't seem necessary any more. We always add it every time we do
tls_write_records.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19198)

ssl/record/methods/tls_common.c
ssl/ssl_local.h

index 01bfd477d9210c862bc505861fc427afb4422758..0f094abf7ffebcbbf9291a31a7be93bda4eb950c 100644 (file)
@@ -1442,7 +1442,6 @@ int tls_write_records(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates,
      */
     prefix = s->s3.need_empty_fragments
              && !clear
-             && !s->s3.empty_fragment_done
              && templates[0].type == SSL3_RT_APPLICATION_DATA;
 
     if (rl->numwpipes < numtempl + prefix) {
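Review bot: With `!s->s3.empty_fragment_done` removed, nothing in the visible code states the invariant that the known-IV countermeasure now depends on. `prefix` is decided only from `need_empty_fragments`, `clear` and `templates[0].type`, so the guarantee of one empty record per application-data write assumes that tls_write_records runs once per write and that tls_retry_write_records only flushes buffers that are already built. The comment deleted from tls_retry_write_records was the only visible text explaining when the next empty fragment is due. I would record the invariant next to this expression, for example `/* Evaluated on every call: each application-data write under a known-IV ciphersuite gets its own empty prefix record; retries reuse the prepared buffers. */`. The comment above this expression starts outside the hunk and may already cover part of this.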
@@ -1473,9 +1472,6 @@ int tls_write_records(OSSL_RECORD_LAYER *rl, OSSL_RECORD_TEMPLATE *templates,
         prefixtempl.type = SSL3_RT_APPLICATION_DATA;
         wpinited = 1;
 
-        /* TODO(RECLAYER): Do we actually need this? */
-        s->s3.empty_fragment_done = 1;
-
         wb = &rl->wbuf[0];
         /* TODO(RECLAYER): This alignment calculation no longer seems right */
 #if defined(SSL3_ALIGN_PAYLOAD) && SSL3_ALIGN_PAYLOAD!=0
@@ -1897,11 +1893,6 @@ int tls_retry_write_records(OSSL_RECORD_LAYER *rl)
             if (++(rl->nextwbuf) < rl->numwpipes)
                 continue;
             s->rwstate = SSL_NOTHING;
-            /*
-             * Next chunk of data should get another prepended empty fragment
-             * in ciphersuites with known-IV weakness:
-             */
-            s->s3.empty_fragment_done = 0;
 
             if (rl->nextwbuf == rl->numwpipes
                     && (rl->mode & SSL_MODE_RELEASE_BUFFERS) != 0)
index e1c90cfca49a121e4d8e913d9fda0b7a6b44f762..c8e8d9f4475f6e3e145152107818587e6c637cee 100644 (file)
@@ -1298,7 +1298,6 @@ struct ssl_connection_st {
         unsigned char client_random[SSL3_RANDOM_SIZE];
         /* flags for countermeasure against known-IV weakness */
         int need_empty_fragments;
-        int empty_fragment_done;
         /* used during startup, digest all incoming/outgoing packets */
         BIO *handshake_buffer;
         /*
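Review bot: The comment above `need_empty_fragments` still says "flags" in the plural, but this removal leaves only one field under it. Suggest `/* flag for countermeasure against known-IV weakness */`, so a reader does not go looking for a second flag that no longer exists. The enclosing struct starts and ends outside the hunk.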