From: Stefan Eissing <stefan@eissing.org>
Date: Tue, 16 Sep 2025 13:49:58 +0000 (+0200)
Subject: aws-lc: re-enable large read-ahead with v1.61.0 again
X-Git-Tag: rc-8_17_0-3~582
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ff8dfd315c155960836105ad719185c3b4d547bd;p=thirdparty%2Fcurl.git

aws-lc: re-enable large read-ahead with v1.61.0 again

AWS-LC fixed a bug with large read ahead buffers in v1.61.0. Check a
define introduced in that version to enable the large read ahead again.

AWS-LC issue: https://github.com/aws/aws-lc/issues/2650

Closes #18568
---

diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 5c22ad25dc..af890b6c57 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
@@ -121,14 +121,11 @@
 static void ossl_provider_cleanup(struct Curl_easy *data);
 #endif
 
-/*
- * AWS-LC has `SSL_CTX_set_default_read_buffer_len()?` but runs into
- * decryption failures with large buffers. Sporadic failures in
- * test_10_08 with h2 proxy uploads, increased frequency
- * with CURL_DBG_SOCK_RBLOCK=50. Looks like a bug on their part.
- */
+/* AWS-LC fixed a bug with large buffers in v1.61.0 which also introduced
+ * X509_V_ERR_EC_KEY_EXPLICIT_PARAMS. */
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && \
-  !defined(LIBRESSL_VERSION_NUMBER) && !defined(HAVE_BORINGSSL_LIKE)
+  !defined(LIBRESSL_VERSION_NUMBER) && !defined(OPENSSL_IS_BORINGSSL) && \
+  (!defined(OPENSSL_IS_AWSLC) || (defined(X509_V_ERR_EC_KEY_EXPLICIT_PARAMS)))
 #define HAVE_SSL_CTX_SET_DEFAULT_READ_BUFFER_LEN 1
 #endif