From 50c7844476b3d345d13be8503d28ceeb6305d7c5 Mon Sep 17 00:00:00 2001 From: jsing Date: Mon, 8 Feb 2021 17:18:39 +0000 Subject: [PATCH] Enforce read ahead with DTLS. DTLS is largely broken/useless without read ahead being enabled, so enforce it for DTLS. This behaviour matches both our documentation and OpenSSL. ok tb@ --- lib/libssl/ssl_pkt.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c index 31a66753bfe..1e0bd83d09d 100644 --- a/lib/libssl/ssl_pkt.c +++ b/lib/libssl/ssl_pkt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_pkt.c,v 1.34 2021/01/19 18:57:09 jsing Exp $ */ +/* $OpenBSD: ssl_pkt.c,v 1.35 2021/02/08 17:18:39 jsing Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -227,14 +227,14 @@ ssl3_read_n(SSL *s, int n, int max, int extend) return -1; } - if (!s->internal->read_ahead) { - /* ignore max parameter */ - max = n; - } else { + if (s->internal->read_ahead || SSL_is_dtls(s)) { if (max < n) max = n; if (max > (int)(rb->len - rb->offset)) max = rb->len - rb->offset; + } else { + /* ignore max parameter */ + max = n; } while (left < n) { -- 2.20.1