Enforce read ahead with DTLS.

DTLS is largely broken/useless without read ahead being enabled, so enforce it for DTLS. This behaviour matches both our documentation and OpenSSL. ok tb@
author: jsing <jsing@openbsd.org> 2021-02-08 17:18:39 +0000
committer: jsing <jsing@openbsd.org> 2021-02-08 17:18:39 +0000
commit: 50c7844476b3d345d13be8503d28ceeb6305d7c5 (patch)
tree: 02fe3bc47fb6e11f70a79e5948fc8d049d5a03c8 /lib/libssl/ssl_pkt.c
parent: Use dtls1_retrieve_buffered_record() to load buffered application data. (diff)
download: wireguard-openbsd-50c7844476b3d345d13be8503d28ceeb6305d7c5.tar.xz
wireguard-openbsd-50c7844476b3d345d13be8503d28ceeb6305d7c5.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/lib/libssl/ssl_pkt.c b/lib/libssl/ssl_pkt.c
index 31a66753bfe..1e0bd83d09d 100644
--- a/lib/libssl/ssl_pkt.c
+++ b/lib/libssl/ssl_pkt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_pkt.c,v 1.34 2021/01/19 18:57:09 jsing Exp $ */
+/* $OpenBSD: ssl_pkt.c,v 1.35 2021/02/08 17:18:39 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -227,14 +227,14 @@ ssl3_read_n(SSL *s, int n, int max, int extend)
 		return -1;
 	}
 
-	if (!s->internal->read_ahead) {
-		/* ignore max parameter */
-		max = n;
-	} else {
+	if (s->internal->read_ahead || SSL_is_dtls(s)) {
 		if (max < n)
 			max = n;
 		if (max > (int)(rb->len - rb->offset))
 			max = rb->len - rb->offset;
+	} else {
+		/* ignore max parameter */
+		max = n;
 	}
 
 	while (left < n) {
author	jsing <jsing@openbsd.org>	2021-02-08 17:18:39 +0000
committer	jsing <jsing@openbsd.org>	2021-02-08 17:18:39 +0000
commit	50c7844476b3d345d13be8503d28ceeb6305d7c5 (patch)
tree	02fe3bc47fb6e11f70a79e5948fc8d049d5a03c8 /lib/libssl/ssl_pkt.c
parent	Use dtls1_retrieve_buffered_record() to load buffered application data. (diff)
download	wireguard-openbsd-50c7844476b3d345d13be8503d28ceeb6305d7c5.tar.xz wireguard-openbsd-50c7844476b3d345d13be8503d28ceeb6305d7c5.zip